Hi,
I need some reference material regarding "How to configure customize schema" in OpenLdap2.4.x. I have some schema files of version 2.3<, when slapd.conf were used. I am want to import those schema into new Openldap.2.4.39 . I have gone through Admin guide tried some methods but, I didn't get much help from it. Kindly help me or whom should I contact or any specific materials.
Thank You, Abhishek koserwal,
Hi,
Coincidentally I was adding a flat .schema file to my cn=config setup yesterday, here’s my (rather brief) notes on the conversion process:
1. Create a temporary directory and put your .schema file in it. mkdir /tmp/schema
2. Create a minimal slapd.conf file containing only an include of the new schema file
cd /tmp/schema cp /etc/openldap/slapd.conf /tmp/slapd.conf.schema Vim slapd.conf.schemaname
Comment everything out Add the following line: include /tmp/schema/schemaname.schema
Generate the schema file using slaptest while in the /tmp/schema directory : /usr/local/authz/sbin/slaptest -f slapd.conf.schemaname -F .
If the conversion process succeeded you should now have a cn=config/cn=schema directory. In order to “ldapadd” it into an existing setup it will need a bit of sanitising. Remove the commented lines and any operational/internal attributes e.g.
structuralObjectClass: olcSchemaConfig entryUUID: dd03fc7a-d4fe-1033-96b0-055318f25a03 creatorsName: cn=config createTimestamp: 20140920104438Z entryCSN: 20140920104438.200261Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20140920104438Z
Modify the dn to be “cn=schemaname,cn=schema,cn=config and remove the ordering {0} bracket from the cn
Finally cd to the new schema location and run: /usr/local/authz/bin/ldapadd -D cn=Manager,cn=config -W -f cn={9}schemaname.ldif
Disclaimer: this is the process that worked for me but there are no doubt other/better ways to do this but slaptest is your friend here.
On 20 Sep 2014, at 07:17, Abhishek koserwal abhishek.koserwal@gmail.com wrote:
Hi,
I need some reference material regarding "How to configure customize schema" in OpenLdap2.4.x. I have some schema files of version 2.3<, when slapd.conf were used. I am want to import those schema into new Openldap.2.4.39 . I have gone through Admin guide tried some methods but, I didn't get much help from it. Kindly help me or whom should I contact or any specific materials.
Thank You, Abhishek koserwal,
/****************************
Mark Cairney ITI UNIX Section Information Services University of Edinburgh
Tel: 0131 650 6565 Email: Mark.Cairney@ed.ac.uk PGP: 0x435A9621
*******************************/
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Mark Cairney wrote:
Hi,
Coincidentally I was adding a flat .schema file to my cn=config setup yesterday, here’s my (rather brief) notes on the conversion process:
The direct manual steps are documented in schema/openldap.ldif.
- Create a temporary directory and put your .schema file in it.
mkdir /tmp/schema
- Create a minimal slapd.conf file containing only an include of the new schema file
cd /tmp/schema cp /etc/openldap/slapd.conf /tmp/slapd.conf.schema Vim slapd.conf.schemaname
Comment everything out Add the following line: include /tmp/schema/schemaname.schema
You'll need to include any other schemas that your to-be-converted schema depends on, as well.
Generate the schema file using slaptest while in the /tmp/schema directory : /usr/local/authz/sbin/slaptest -f slapd.conf.schemaname -F .
This is the usual procedure for converting an entire configuration. If you only want to convert some schema, just use:
slapcat -f slapd.conf.schemaname -F /tmp/schema -n0 -s cn=schema,cn=config
The manpages already document that any of the slap* tools can be used to perform a conversion. You would know this if you read them.
If the conversion process succeeded you should now have a cn=config/cn=schema directory.
Your conversion creates a slapd config database. As already stated countless times, slapd database internal formats are subject to change without notice. You should not be poking at the contents of any files within a slapd database unless you really know what you're doing. If you're asking these types of questions on this list, by definition you don't know what you're doing.
Use the slapcat output to get the contents of a slapd database. This is why the tool exists.
On 20 Sep 2014, at 07:17, Abhishek koserwal abhishek.koserwal@gmail.com wrote:
Hi,
I need some reference material regarding "How to configure customize schema" in OpenLdap2.4.x. I have some schema files of version 2.3<, when slapd.conf were used. I am want to import those schema into new Openldap.2.4.39 . I have gone through Admin guide tried some methods but, I didn't get much help from it. Kindly help me or whom should I contact or any specific materials.
Thank You, Abhishek koserwal,
On 20 Sep 2014, at 16:48, Howard Chu hyc@symas.com wrote:
Mark Cairney wrote:
Hi,
Coincidentally I was adding a flat .schema file to my cn=config setup yesterday, here’s my (rather brief) notes on the conversion process:
The direct manual steps are documented in schema/openldap.ldif.
That’s pretty useful and it demonstrates that it’s probably easier to do it by hand than jump through the hoops I’ve described previously.
- Create a temporary directory and put your .schema file in it.
mkdir /tmp/schema
- Create a minimal slapd.conf file containing only an include of the new schema file
cd /tmp/schema cp /etc/openldap/slapd.conf /tmp/slapd.conf.schema Vim slapd.conf.schemaname
Comment everything out Add the following line: include /tmp/schema/schemaname.schema
You'll need to include any other schemas that your to-be-converted schema depends on, as well.
Good point- I’ve probably been fortunate that the only times I’ve had to add a schema to an existing setup the dependencies have already been there (e.g. edumember ) or there weren’t any.
Generate the schema file using slaptest while in the /tmp/schema directory : /usr/local/authz/sbin/slaptest -f slapd.conf.schemaname -F .
This is the usual procedure for converting an entire configuration. If you only want to convert some schema, just use:
slapcat -f slapd.conf.schemaname -F /tmp/schema -n0 -s cn=schema,cn=config
Yep that’s a bit cleaner than using slaptest as it won’t output a whole directory structure though you’d still have to do a bit of pruning of the default cn=schema,cn=config stuff to get it to a state suitable for ldapadd’ing to a live system.
The manpages already document that any of the slap* tools can be used to perform a conversion. You would know this if you read them.
If the conversion process succeeded you should now have a cn=config/cn=schema directory.
Your conversion creates a slapd config database. As already stated countless times, slapd database internal formats are subject to change without notice. You should not be poking at the contents of any files within a slapd database unless you really know what you're doing. If you're asking these types of questions on this list, by definition you don't know what you're doing.
Use the slapcat output to get the contents of a slapd database. This is why the tool exists.
Well strictly speaking it creates a temporary, minimal config database purely for the purpose of generating the contents of the cn=schema directory. You’re preaching to the converted about manually hacking the config files by hand as even a trailing space can stop your setup from loading and having some sanity checking at the point of making a modification to cn=config is really useful. However I get your point that a newbie might not appreciate the distinction between messing around with the contents of this temp cn=config directory and their own live one.
On 20 Sep 2014, at 07:17, Abhishek koserwal abhishek.koserwal@gmail.com wrote:
Hi,
I need some reference material regarding "How to configure customize schema" in OpenLdap2.4.x. I have some schema files of version 2.3<, when slapd.conf were used. I am want to import those schema into new Openldap.2.4.39 . I have gone through Admin guide tried some methods but, I didn't get much help from it. Kindly help me or whom should I contact or any specific materials.
Thank You, Abhishek koserwal,
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Hi!
So if I understand you correctly, slaptest can convert an LDAP schema to a config LDIF. I wonder whether there'sa more direct way to do the conversion. Anyone?
Regards, Ulrich
Mark Cairney mark.cairney@ed.ac.uk schrieb am 20.09.2014 um 12:54 in
Nachricht CED9AC1D-CEC3-41A6-806D-B3240DE72F19@ed.ac.uk:
Hi,
Coincidentally I was adding a flat .schema file to my cn=config setup yesterday, here’s my (rather brief) notes on the conversion process:
- Create a temporary directory and put your .schema file in it.
mkdir /tmp/schema
- Create a minimal slapd.conf file containing only an include of the new
schema file
cd /tmp/schema cp /etc/openldap/slapd.conf /tmp/slapd.conf.schema Vim slapd.conf.schemaname
Comment everything out Add the following line: include /tmp/schema/schemaname.schema
Generate the schema file using slaptest while in the /tmp/schema directory
:
/usr/local/authz/sbin/slaptest -f slapd.conf.schemaname -F .
If the conversion process succeeded you should now have a cn=config/cn=schema directory. In order to “ldapadd” it into an existing setup it will need a bit of sanitising. Remove the commented lines and any operational/internal attributes e.g.
structuralObjectClass: olcSchemaConfig entryUUID: dd03fc7a-d4fe-1033-96b0-055318f25a03 creatorsName: cn=config createTimestamp: 20140920104438Z entryCSN: 20140920104438.200261Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20140920104438Z
Modify the dn to be “cn=schemaname,cn=schema,cn=config and remove the ordering {0} bracket from the cn
Finally cd to the new schema location and run: /usr/local/authz/bin/ldapadd -D cn=Manager,cn=config -W -f cn={9}schemaname.ldif
Disclaimer: this is the process that worked for me but there are no doubt other/better ways to do this but slaptest is your friend here.
On 20 Sep 2014, at 07:17, Abhishek koserwal abhishek.koserwal@gmail.com wrote:
Hi,
I need some reference material regarding "How to configure customize
schema"
in OpenLdap2.4.x. I have some schema files of version 2.3<, when slapd.conf
were used. I am want to import those schema into new Openldap.2.4.39 . I
have
gone through Admin guide tried some methods but, I didn't get much help from
it. Kindly help me or whom should I contact or any specific materials.
Thank You, Abhishek koserwal,
/****************************
Mark Cairney ITI UNIX Section Information Services University of Edinburgh
Tel: 0131 650 6565 Email: Mark.Cairney@ed.ac.uk PGP: 0x435A9621
*******************************/
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
openldap-technical@openldap.org
-
Abhishek koserwal -
Howard Chu -
Mark Cairney -
Ulrich Windl