Hi again :p
Since there's a lot of posting about attributes and unique overlay then I decided to make it even worse ;)
I'm using OpenLDAP for storing entries which have *inetOrgPerson* as objectclass.
What would be required to switch the "mail" attribute from optional to mandatory?
Thanks a lot for the support!
Simone
One „quick“ fix could be to change the schema. Or you can create a new schema which meets the requirement. (This is the better solution, I think.)
Greetings John
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On behalf of Simone Taliercio
Sent: Tuesday, 25 August 2015 16:45
To: openldap-technical@openldap.org
Subject: Mail attribute: how to make it mandatory.
2015-08-26 6:45 GMT+02:00 Fischer, Johannes <johannes.fischer@ipa.fraunhofer.de>:
Hi Johannes,
Thanks for the tips.
I thought those were the right solutions. But, in both cases I will need to start to learn from scratch how to do it.
Best, Simone
Hi Simone,
It is not that hard to add a new schema. (for me it’s harder to modify the unique overlays… ;-))
Step by step:
1. Backup the Database
a. ldapsearch -h $host -b $ldaproot -D $admin -w $pswd > $outfile
2. Remove the Database
a. ldapdelete -h $host -x -r -D $admin -w $pswd $ldaproot
3. Remove the Access Rules (save them before)
a. ldapmodify -w $pswd -D $backendadmin -h $host -f ./remolcAccess.ldif
4. shut down the Server
a. sudo pkill slapd
5. remove the old schema from "/etc/ldap/schema/" (it is an Ubuntu server)
a. sudo rm $directory$schema".schema"
6. copy the new schema to the dir (and modify it, if you created your schema with “Apache Directory Studio”; otherwise the file can’t be transferred to the server)
a. sed ':a;N;$!ba;s/\n)/)/g' $schema".schema" > /etc/ldap/schema/$schema.schema
7. Create a dir for the new files
a. mkdir temp
8. Create the new ldif files for the server (the config files contain the include paths for your own and the standard files [include /etc/ldap/schema/core.schema \n include /etc/ldap/schema/$schema.schema])
a. slaptest -v -f $configfile -F temp
9. Then you need to change some lines in the file
a. gedit './temp/cn=config/cn=schema/cn={1}'$schema'.ldif'
b. change the dn and cn to
   dn: cn=$schema,cn=schema,cn=config
   cn: vfk
and remove the lines:
   structuralObjectClass: olcSchemaConfig
   entryUUID: 94e4e7d8-dac5-1034-91d7-377cd4dc2933
   creatorsName: cn=config
   createTimestamp: 20150819135440Z
   entryCSN: 20150819135440.534766Z#000000#000#000000
   modifiersName: cn=config
   modifyTimestamp: 20150819135440Z
10. Backup the schemes
a. mkdir temp/backup
   cp -R '/etc/ldap/slapd.d/cn=config/cn=schema/'* temp/backup
11. remove the old schemes; it is important to replace the X with the next number (you will see what I mean)
a. rm '/etc/ldap/slapd.d/cn=config/cn=schema/cn={X}vfk.ldif'
12. Start the server
a. sudo slapd
13. transfer the schema to the server
a. ldapadd -w $pswd -D $backendadmin -h $host -f 'temp/cn=config/cn=schema/cn={1}'$schema'.ldif' -v
14. transfer the olcAccess back to the server
a. ldapmodify -w $pswd -D $backendadmin -h $host -f ./accessINIT_orga.ldif
15. transfer the DB back to the server
a. ldapadd -D $admin -w $pswd -h $host -f ./$outfile
More info here: http://www.zytrax.com/books/ldap/ch6/slapd-config.html
Please use this information to build up your own solution for the problem; all the written stuff could also be wrong, but it works for my test server.
I hope this will help you
Greetings
John
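Step 9 of the procedure above, done with sed instead of a manual edit, as an added example that is not part of the original thread. The function names, the sample LDIF, the vfkPerson object class and its 1.1.2.2.1 OID are constructed for illustration; the operational attribute values are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): turn a slaptest-generated schema
# LDIF into one that ldapadd can load under cn=schema,cn=config.

# clean_schema_ldif NAME < generated.ldif > loadable.ldif
# - rewrites "dn: cn={N}NAME" to the full DN and drops the {N} prefix
#   from the cn value
# - deletes the operational attributes listed in step 9
# Assumes the deleted attributes fit on one line (no LDIF continuation
# lines), which holds for these short values.
clean_schema_ldif() {
    name=$1
    sed -E \
        -e "s/^dn: cn=\{[0-9]+\}${name}\$/dn: cn=${name},cn=schema,cn=config/" \
        -e "s/^cn: \{[0-9]+\}${name}\$/cn: ${name}/" \
        -e '/^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/d'
}

# Constructed sample of what slaptest writes for a schema named "vfk".
# The object class (a structural subclass of inetOrgPerson that lists
# mail under MUST) and its OID are hypothetical placeholders.
sample_generated_ldif() {
    cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: cn={1}vfk
objectClass: olcSchemaConfig
cn: {1}vfk
olcObjectClasses: {0}( 1.1.2.2.1 NAME 'vfkPerson' SUP inetOrgPerson STRUCTURAL MUST mail )
structuralObjectClass: olcSchemaConfig
entryUUID: 94e4e7d8-dac5-1034-91d7-377cd4dc2933
creatorsName: cn=config
createTimestamp: 20150819135440Z
entryCSN: 20150819135440.534766Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20150819135440Z
EOF
}

# Stand-alone run: print the cleaned LDIF for the sample.
sample_generated_ldif | clean_schema_ldif vfk
```

On a real server the input would be the file from step 9a, for example `clean_schema_ldif vfk < 'temp/cn=config/cn=schema/cn={1}vfk.ldif'`.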
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On behalf of Simone Taliercio
Sent: Wednesday, 26 August 2015 13:36
To: openldap-technical@openldap.org
Subject: Re: Mail attribute: how to make it mandatory.
Hi John,
OhMyGod, you are an angel!
We are in the middle of a release, but I'll try to test your step-by-step guide asap.
I noticed that some steps are suitable for configuration based on the new cn=config. I'm still based on slapd.conf so I would need to rearrange those steps, right? :)
Thanks A LOT for the support,
Simone
2015-08-27 8:31 GMT+02:00 Fischer, Johannes <johannes.fischer@ipa.fraunhofer.de>: