Hi all,
I'm trying to add/remove schemas dynamically using the cn=config database (using slapd 2.4.23-7.2 on Debian stable).
I'm connected to slapd with the SASL/External method as root and I'm able to search but delete breaks:
# ldapdelete -Y EXTERNAL -H ldapi:/// "cn={2}nis,cn=schema,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_delete: Server is unwilling to perform (53)
The ACL seems correct to me:
# ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" "olcDatabase={0}config" olcAccess
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0 +uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break
So is it possible to remove a schema like this? I must be missing something...
Thank you
--On Friday, April 27, 2012 12:45 PM +0200 Jean-Philippe Braun eon@patapon.info wrote:
a) You really should run a current version of OpenLDAP for numerous reasons.
> So is it possible to remove a schema like this? I must be missing something...
b) there is no delete support in OL 2.4 for dynamic config. You can achieve this by:
- stopping slapd
- using slapcat to export the dynamic config to LDIF
- Modifying the LDIF export to remove the schema in question
- Remove (or rename) your old dynamic config directory
- slapadd the updated LDIF
- start slapd
There cannot be any entries in your databases using that schema.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
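
The offline procedure described in the reply above, as an added example that is not part of the original thread or of the OpenLDAP project. The function names `drop_entry` and `rebuild_config` are hypothetical, and the config directory, init script and `openldap` user are assumed Debian defaults.

```shell
#!/bin/sh
# Added example: offline removal of one schema entry from cn=config.
# Assumptions: Debian paths, init script and slapd user; run as root.
CONF_DIR=${CONF_DIR:-/etc/ldap/slapd.d}
SCHEMA_DN=${SCHEMA_DN:-'cn={2}nis,cn=schema,cn=config'}

# Copy the LDIF on stdin to stdout without the entry whose DN is $1.
# Folded lines (leading space) are unfolded first so a wrapped "dn:"
# still matches. The match is an exact string compare; base64 "dn::"
# values are not decoded, and later {n} indices are not renumbered.
drop_entry() {
    awk -v want="dn: $1" '
        function flush(   i) {
            if (n && entry[1] != want) {
                for (i = 1; i <= n; i++) print entry[i]
                print ""
            }
            n = 0
        }
        /^$/ { flush(); next }
        /^ / { if (n) entry[n] = entry[n] substr($0, 2); next }
             { entry[++n] = $0 }
        END  { flush() }
    '
}

# The stop / export / edit / reload / start sequence from the reply.
# Runs in a subshell so "set -e" and "umask" do not leak to the caller.
rebuild_config() (
    set -e
    umask 077                       # the export may hold olcRootPW values
    work=$(mktemp -d)
    /etc/init.d/slapd stop
    slapcat -n 0 -F "$CONF_DIR" -l "$work/config.ldif"
    drop_entry "$SCHEMA_DN" < "$work/config.ldif" > "$work/config.new.ldif"
    mv "$CONF_DIR" "$CONF_DIR.old"  # keep the old tree for rollback
    mkdir "$CONF_DIR"
    slapadd -n 0 -F "$CONF_DIR" -l "$work/config.new.ldif"
    chown -R openldap:openldap "$CONF_DIR"
    /etc/init.d/slapd start
)

# Nothing is touched unless the script is invoked with --run.
if [ "${1:-}" = "--run" ]; then rebuild_config; fi
```

Before loading the edited LDIF, confirm that no entry in any database still uses an attribute or object class from the schema being removed, as the reply requires.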
--On Friday, April 27, 2012 7:46 PM +0200 Jean-Philippe Braun eon@patapon.info wrote:
There is experimental support for delete operations in the config database in later versions of OpenLDAP 2.4 if you explicitly enable it at build time. I would already advise you to upgrade to a current release, given the antiquated nature of what you're currently running, so if you wanted to experiment with said support, you could enable it when you upgraded.
--Quanah
openldap-technical@openldap.org