Hi,
What is the proper set of actions to add an attribute via cn=config to a custom schema, and also add the attribute to a custom objectClass?
My way:
1. Add attribute
2. Delete old objectClass definition
3. Add new objectClass with new attribute included
What if I have 100 objectClasses, and want to replace only 1? I am having trouble doing this on Debian wheezy, slapd 2.4.31.
My test.ldif:
------------------------------------------
dn: cn={8}ktuEduPerson,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( ktuAttributeType:36 NAME 'macaroni'
  DESC 'LDAP attribute for macaroni'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Let's add the attribute:
$ ldapmodify ... -f test.ldif
Enter LDAP Password:
modifying entry "cn={8}ktuEduPerson,cn=schema,cn=config"
ldap_modify: No such object (32)

$
Oops, something went wrong, but cn=config sees this attribute:
$ ldapsearch ... "cn={8}ktuEduPerson,cn=schema,cn=config" | grep macaroni
Enter LDAP Password:
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP ...
$
But in case of VM/slapd restart, my macaroni attribute will be gone:
$ sudo grep -iR macaroni /etc/ldap/slapd.d/
$
Access rights of process and config files are ok. Changing, let's say, olcLogLevel works fine, config is synced.
Am I the only one in the world facing this problem? Or should I file the 69th bug on slapd in Debian? Is the slapd package usable in Debian for something bigger than kindergarten? And yes, I know about "Why is using the OpenLDAP server from a Linux distribution not recommended?".
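
Added example, not part of the original post: a Python check for the symptom described above, where the running cn=config reports a schema value that never reached /etc/ldap/slapd.d/. It unfolds LDIF continuation lines and strips the {n} ordering prefix before comparing, which a plain grep does not do; the function names and both sample entries (including the 'spaghetti' attribute) are constructed for illustration.

```python
import base64
import re

def schema_values(ldif_text, attr="olcAttributeTypes"):
    """Values of `attr` in one LDIF entry, unfolded and normalised for comparison."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)   # RFC 2849: "\n " continues a line
    values = set()
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if value.startswith(":"):                 # "attr:: ..." is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = re.sub(r"^\s*\{\d+\}", "", value) # drop the {n} ordering prefix
        values.add(" ".join(value.split()))
    return values

def not_persisted(live_ldif, disk_ldif, attr="olcAttributeTypes"):
    """Definitions the running slapd reports that the on-disk entry lacks."""
    return sorted(schema_values(live_ldif, attr) - schema_values(disk_ldif, attr))

# Constructed sample: ldapsearch output for the schema entry (running config).
LIVE = """\
dn: cn={8}ktuEduPerson,cn=schema,cn=config
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spaghetti' SYNTAX 1.3.6.1.4
 .1.1466.115.121.1.15 )
olcAttributeTypes: {41}( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attrib
 ute for macaroni' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub
 stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Constructed sample: the same entry as stored under /etc/ldap/slapd.d/.
DISK = """\
dn: cn={8}ktuEduPerson
olcAttributeTypes: {40}( ktuAttributeType:35 NAME 'spaghetti' SYNTAX 1.3.6.1.
 4.1.1466.115.121.1.15 )
"""

if __name__ == "__main__":
    for definition in not_persisted(LIVE, DISK):
        print("in running config only:", definition)
```
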
Hi,
I've done this frequently - just create an LDIF file for ldapmodify which adds the new attribute type and replaces the object class definition. There's no need to delete the object class and add it again in my experience.
Chris
Date: Fri, 7 Feb 2014 16:55:03 +0200
From: nerijus.kislauskas@ktu.lt
To: openldap-technical@openldap.org
Subject: Proper way to configure custom schemas
--
Sincerely,
Nerijus Kislauskas
KTU ITD, Litnet valdymo centras
Studentu g. 48a - 101, Kaunas
tel.: (8~37) 30 06 45
mob. tel.: 8-614-93889
e-mail.: nerijus.kislauskas@ktu.lt
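
Added example, not part of the thread: a Python helper that builds the single ldapmodify LDIF described in the reply above (add the attribute type, then replace the objectClass definitions), regenerating the full olcObjectClasses list from a search result so that only one class changes however many there are. The class names, the ktuObjectClass OID macro and the function names are hypothetical; the attribute definition is the one from the question.

```python
import re

def object_classes(search_ldif):
    """olcObjectClasses values from ldapsearch output, in {n} order, prefix removed."""
    unfolded = re.sub(r"\r?\n ", "", search_ldif)      # RFC 2849 line unfolding
    found = []
    for line in unfolded.splitlines():
        if line.lower().startswith("olcobjectclasses: "):
            value = line.split(": ", 1)[1]
            m = re.match(r"\{(\d+)\}\s*(.*)", value)
            found.append((int(m.group(1)), m.group(2)) if m else (len(found), value))
    return [definition for _, definition in sorted(found)]

def names_of(definition):
    """Lower-cased names of a definition: NAME 'a' or NAME ( 'a' 'b' )."""
    m = re.search(r"\bNAME\s+(?:\(\s*)?((?:'[^']+'\s*)+)", definition)
    return {n.lower() for n in re.findall(r"'([^']+)'", m.group(1))} if m else set()

def build_modify(dn, attr_type, class_name, new_class, search_ldif):
    """One modify: add the attribute type, then replace olcObjectClasses with the
    current list in which only class_name is swapped for new_class."""
    classes = object_classes(search_ldif)
    hits = [i for i, d in enumerate(classes) if class_name.lower() in names_of(d)]
    if len(hits) != 1:
        raise ValueError(f"{class_name!r} matched {len(hits)} objectClasses, need 1")
    classes[hits[0]] = new_class
    lines = [f"dn: {dn}", "changetype: modify",
             "add: olcAttributeTypes", f"olcAttributeTypes: {attr_type}", "-",
             "replace: olcObjectClasses"]
    lines += [f"olcObjectClasses: {d}" for d in classes]
    return "\n".join(lines) + "\n"

# Constructed sample: hypothetical classes and ktuObjectClass OID macro.
CURRENT = """\
olcObjectClasses: {0}( ktuObjectClass:1 NAME 'ktuPerson' SUP top AUXILIARY MAY
  mail )
olcObjectClasses: {1}( ktuObjectClass:2 NAME 'ktuStaff' SUP top AUXILIARY MAY
  ( title $ ou ) )
olcObjectClasses: {2}( ktuObjectClass:3 NAME 'ktuStudent' SUP top AUXILIARY )
"""
ATTR = ("( ktuAttributeType:36 NAME 'macaroni' DESC 'LDAP attribute for macaroni' "
        "EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch "
        "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")
NEW_STAFF = ("( ktuObjectClass:2 NAME 'ktuStaff' SUP top AUXILIARY "
             "MAY ( title $ ou $ macaroni ) )")

if __name__ == "__main__":
    print(build_modify("cn={8}ktuEduPerson,cn=schema,cn=config",
                       ATTR, "ktuStaff", NEW_STAFF, CURRENT), end="")
```
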
On 02/07/2014 05:50 PM, Chris Card wrote:
> Hi,
> I've done this frequently - just create an LDIF file for ldapmodify which adds the new attribute type and replaces the object class definition. There's no need to delete the object class and add it again in my experience.
This works perfectly with 1 objectClass. How about 100? 1000? 1 million? In such scenarios, 1) remove old and 2) add new objectClass+extras looks like the only way.
Why can't the newest slapd be added to the Debian wheezy-updates or backports repository? Wheezy-updates is used for packages with frequent changes. slapd fits perfectly in it. Why do the Debian slapd package maintainers try to make my already difficult life harder? Even Debian unstable (sid) holds 2.4.31. Does anybody know what they are doing? What is their goal?
--On Wednesday, February 12, 2014 4:11 PM +0200 Nerijus Kislauskas nerijus.kislauskas@ktu.lt wrote:
> Why can't the newest slapd be added to the Debian wheezy-updates or backports repository? Wheezy-updates is used for packages with frequent changes. slapd fits perfectly in it. Why do the Debian slapd package maintainers try to make my already difficult life harder? Even Debian unstable (sid) holds 2.4.31. Does anybody know what they are doing? What is their goal?
Your question is for Debian, not the OpenLDAP list. I suggest you read over https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725091 for details on their view about why they are happy to continually release broken packages for their consumers.
No one sane uses the packages from Debian/Ubuntu. If you want sanely built packages, use the ones from the LTB project or Symas.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
On 02/12/2014 05:10 PM, Quanah Gibson-Mount wrote:
> Your question is for Debian, not the OpenLDAP list. I suggest you read over https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725091 for details on their view about why they are happy to continually release broken packages for their consumers.
> No one sane uses the packages from Debian/Ubuntu. If you want sanely built packages, use the ones from the LTB project or Symas.
Thanks to you, I found this link:
https://ltb-project.org/wiki/documentation/openldap-deb
As I remember, not so long ago (a year or two) there were only packages for Red Hat/CentOS/Suse. Debian packagers have a slap in their face. I think in the near future we will plan a migration to your provided packages. Thanks for your work.
This is exactly the problem I was having, openldap is returning an error and still doing the modification, looks a lot like a bug.
See the log attached.
(This is on Debian wheezy with slapd 2.4.31-1+nmu2)
Côme
--On Monday, February 10, 2014 9:35 AM +0100 Côme BERNIGAUD come.bernigaud@opensides.be wrote:
> This is exactly the problem I was having, openldap is returning an error and still doing the modification, looks a lot like a bug.
> See the log attached.
> (This is on Debian wheezy with slapd 2.4.31-1+nmu2)
Issues reported about ancient completely flawed and broken bugs are going to be ignored. I strongly advise getting a build that is known to be good (I.e., avoid the crap distributed by Debian).
--Quanah