Hello,
I'm trying to find out the correct way to completely remove an attribute from an existing LDAP database. So far, I've been doing the following:
- Deleting this attribute from all existing entries in the directory:
ldapsearch -Y EXTERNAL -H ldapi:/// \
  -b o=root '(toRemove=*)' dn -LLL | \
  sed 's/^dn: \(.*\)$/dn: \1\nchangetype: modify\ndelete: toRemove/' | \
  ldapmodify -Y EXTERNAL -H ldapi:///
- Removing all references to this attribute from the configuration (schema, index, ACLs, ...)
My problem is that slapschema still throws an error about this attribute:
6669bbb2 UNKNOWN attributeDescription "TOREMOVE" inserted.
I have double-checked and there are no references to this attribute in a database dump.
In this situation, a dump/restore solves the problem, but this requires a service interruption that I would like to avoid.
Do you have any ideas on how to work around this issue?
Regards,
Benjamin Renard wrote:
> Hello,
> I'm trying to find out the correct way to completely remove an attribute from an existing LDAP database. So far, I've been doing the following:
> - Deleting this attribute from all existing entries in the directory:
> ldapsearch -Y EXTERNAL -H ldapi:/// \
>   -b o=root '(toRemove=*)' dn -LLL | \
>   sed 's/^dn: \(.*\)$/dn: \1\nchangetype: modify\ndelete: toRemove/' | \
>   ldapmodify -Y EXTERNAL -H ldapi:///
> - Removing all references to this attribute from the configuration (schema, index, ACLs, ...)
> My problem is that slapschema still throws an error about this attribute:
> 6669bbb2 UNKNOWN attributeDescription "TOREMOVE" inserted.

That is a warning, not an error.

> I have double-checked and there are no references to this attribute in a database dump.

back-mdb maintains an internal table of attribute names to IDs, and there is no function to purge old attribute names from this internal table.

> In this situation, a dump/restore solves the problem, but this requires a service interruption that I would like to avoid.
> Do you have any ideas on how to work around this issue?

If you can't afford the downtime, ignore it. It's harmless. Otherwise a full dump/restore is the only solution.
Regards,
Hello,
On 13/06/2024 at 16:12, Howard Chu wrote:
> Benjamin Renard wrote:
>> Hello,
>> I'm trying to find out the correct way to completely remove an attribute from an existing LDAP database. So far, I've been doing the following:
>> - Deleting this attribute from all existing entries in the directory:
>> ldapsearch -Y EXTERNAL -H ldapi:/// \
>>   -b o=root '(toRemove=*)' dn -LLL | \
>>   sed 's/^dn: \(.*\)$/dn: \1\nchangetype: modify\ndelete: toRemove/' | \
>>   ldapmodify -Y EXTERNAL -H ldapi:///
>> - Removing all references to this attribute from the configuration (schema, index, ACLs, ...)
>> My problem is that slapschema still throws an error about this attribute:
>> 6669bbb2 UNKNOWN attributeDescription "TOREMOVE" inserted.
>
> That is a warning, not an error.
>
>> I have double-checked and there are no references to this attribute in a database dump.
>
> back-mdb maintains an internal table of attribute names to IDs, and there is no function to purge old attribute names from this internal table.
>
>> In this situation, a dump/restore solves the problem, but this requires a service interruption that I would like to avoid.
>> Do you have any ideas on how to work around this issue?
>
> If you can't afford the downtime, ignore it. It's harmless. Otherwise a full dump/restore is the only solution.
OK, thanks for your reply.
PS: I monitor the slapschema output to be aware of any change in schema that does not fit with the directory data, to avoid any problem in case we have to restore a dump, for instance.
openldap-technical@openldap.org
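Added example, not part of the thread or of OpenLDAP: a filter for the slapschema monitoring mentioned in the PS, which drops the back-mdb leftover warning for attributes that were removed on purpose and keeps every other line for review. The function names, the RETIRED_ATTRS list and the second sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Attributes removed on purpose (assumed allowlist; "toRemove" is the thread's name).
RETIRED_ATTRS="toRemove"

# Constructed sample: line 1 is the warning quoted in the thread, line 2 is the
# same format with a made-up attribute name and timestamp.
sample_slapschema_output() {
  cat <<'EOF'
6669bbb2 UNKNOWN attributeDescription "TOREMOVE" inserted.
6669bbb3 UNKNOWN attributeDescription "LEGACYFLAG" inserted.
EOF
}

# Reads slapschema output on stdin, drops the "UNKNOWN attributeDescription"
# warning when it names a retired attribute, prints every other non-empty line.
# Returns 1 if anything was printed, 0 if the output was clean.
filter_slapschema() {
  awk -v retired="$RETIRED_ATTRS" '
    BEGIN {
      # The thread shows the name upper-cased, so compare case-insensitively.
      n = split(tolower(retired), names, /[ ,]+/)
      for (i = 1; i <= n; i++) if (names[i] != "") ok[names[i]] = 1
    }
    /^[0-9a-fA-F]+ UNKNOWN attributeDescription "[^"]+" inserted\.$/ {
      name = $0
      sub(/^[^"]*"/, "", name)   # strip everything up to the opening quote
      sub(/".*$/, "", name)      # strip from the closing quote onward
      if (tolower(name) in ok) next
    }
    NF { print; unexpected++ }
    END { exit (unexpected > 0) }
  '
}

# Typical use (assumes the warnings arrive on stderr):
#   slapschema -b o=root 2>&1 | filter_slapschema || echo "review schema/data"
```

A warning for an attribute that is not on the allowlist still surfaces, which is the case the monitoring is meant to catch before a dump has to be restored.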