Hi,
I have an openldap server running and being used day to day for authentication.
I developped a small schema, and all is working fine.
Only I just noticed that in the definition of the object class, I ussed the OID 9999 instead of my own enterprise number:
objectclass ( 1.3.6.1.4.1.9999.2.1.1
Should be
objectclass ( 1.3.6.1.4.1.26754.4.1.1
I beleive I cannot just stop slapd, correct the schema and restart slapd.
What would be the clean way to proceed to a schema upgrade?
As this is a production server, I cannot afford to break it.
Bestregards,
Olivier
Olivier Nicole wrote:
I beleive I cannot just stop slapd, correct the schema and restart slapd.
Yes, this is possible with OpenLDAP when changing the OID of a schema description since OIDs are not used to store data in the database. You would have to export your database with slapcat, sanitize the LDIF and re-import with changing a NAME of a schema description.
Ciao, Michael.
Hi Michael,
I beleive I cannot just stop slapd, correct the schema and restart slapd.
Yes, this is possible with OpenLDAP when changing the OID of a schema description since OIDs are not used to store data in the database. You would have to export your database with slapcat,
OK, easy enought.
sanitize the LDIF and
I am not sure what I need to sanitize, because if I change the OID number, I will not change the name of the objectclass, not the name of the attribute.
re-import with changing a NAME of a schema description.
Ditto, I am not sure about changing the name there.
Best regards,
Olivier
Olivier Nicole wrote:
Hi Michael,
I beleive I cannot just stop slapd, correct the schema and restart slapd.
Yes, this is possible with OpenLDAP when changing the OID of a schema description since OIDs are not used to store data in the database. You would have to export your database with slapcat,
OK, easy enought.
Just to make it very clear: If you solely change the OID and don't change the NAME of a schema description you don't have to do anything with OpenLDAP's slapd. Just restart. Note that other directory server implementations might behave differently.
sanitize the LDIF and
I am not sure what I need to sanitize, because if I change the OID number, I will not change the name of the objectclass, not the name of the attribute.
Yes, this was only meant when changing the NAME.
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Olivier Nicole