I've read that OpenLDAP supports runtime schema modifications but I can't figure out the extensiveness of this feature. On Sun's page ( http://java.sun.com/products/jndi/tutorial/ldap/schema/object.html under the header "Adding a New Object Class") it's telling me that OpenLDAP does not support this kind of modification. When I try the code on that page, I run into
Exception in thread "main" javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClasses: value #0 invalid per syntax]; remaining name ''
And in the syslog I noticed this
Apr 24 15:38:14 localhost slapd[6532]: daemon: read activity on 12
Apr 24 15:38:14 localhost slapd[6532]: connection_get(12)
Apr 24 15:38:14 localhost slapd[6532]: connection_get(12): got connid=14
Apr 24 15:38:14 localhost slapd[6532]: connection_read(12): checking for input on id=14
Apr 24 15:38:14 localhost slapd[6540]: do_modify
Apr 24 15:38:14 localhost slapd[6540]: do_modify: dn (cn=Subschema)
Apr 24 15:38:14 localhost slapd[6540]: => get_ctrls
Apr 24 15:38:14 localhost slapd[6540]: => get_ctrls: oid="2.16.840.1.113730.3.4.2" (noncritical)
Apr 24 15:38:14 localhost slapd[6532]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
Apr 24 15:38:14 localhost slapd[6540]: <= get_ctrls: n=1 rc=0 err=""
Apr 24 15:38:14 localhost slapd[6540]: >>> dnPrettyNormal: <cn=Subschema>
Apr 24 15:38:14 localhost slapd[6540]: <<< dnPrettyNormal: <cn=Subschema>, <cn=subschema>
Apr 24 15:38:14 localhost slapd[6540]: send_ldap_result: conn=14 op=3 p=3
Apr 24 15:38:14 localhost slapd[6540]: send_ldap_result: err=21 matched="" text="objectClasses: value #0 invalid per syntax"
Apr 24 15:38:14 localhost slapd[6540]: send_ldap_response: msgid=4 tag=103 err=21
Apr 24 15:38:14 localhost slapd[6540]: conn=14 op=3 RESULT tag=103 err=21 text=objectClasses: value #0 invalid per syntax
Apr 24 15:38:14 localhost slapd[6532]: daemon: select: listen=6 active_threads=0 tvp=NULL
Apr 24 15:38:14 localhost slapd[6532]: daemon: activity on 1 descriptor
Apr 24 15:38:14 localhost slapd[6532]: daemon: activity on:
Apr 24 15:38:14 localhost slapd[6532]: 13r
Does OpenLDAP allow programmatic (hopefully but necessarily Java) schema changes at runtime?
Jimmy Liang wrote:
> I've read that OpenLDAP supports runtime schema modifications but I can't figure out the extensiveness of this feature. On Sun's page (http://java.sun.com/products/jndi/tutorial/ldap/schema/object.html under the header "Adding a New Object Class") it's telling me that OpenLDAP does not support this kind of modification.
That page is half right. OpenLDAP does not allow direct modification of the subschema subentry. In OpenLDAP 2.3 you can add new schema elements by adding them under the "cn=schema,cn=config" branch (but you cannot modify existing schema). In OpenLDAP 2.4 you can add/delete/modify schema using cn=config.
> When I try the code on that page, I run into
> Exception in thread "main" javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClasses: value #0 invalid per syntax]; remaining name ''
It appears that your request contained invalid data. This check occurs pretty early, before the server even checks whether you're able to make the change.
> Does OpenLDAP allow programmatic (hopefully but necessarily Java) schema changes at runtime?
Yes, but you have to provide valid data first.
openldap-technical@openldap.org
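
The approach described in the reply, as an added example that is not part of the original thread: a JNDI client that adds new schema elements as an entry under "cn=schema,cn=config" instead of modifying cn=Subschema. The host name, bind DN, environment variable, schema names and the 1.1.2.x OIDs are constructed placeholders, and it assumes a server with cn=config enabled and a bind identity that is allowed to write to it.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AddSchemaViaConfig {
    public static void main(String[] args) throws NamingException {
        // Assumed variable name; keeps the config password out of the source.
        String password = System.getenv("LDAP_CONFIG_PW");
        if (password == null) {
            throw new IllegalStateException("set LDAP_CONFIG_PW first");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Placeholder host. ldaps:// so the bind password and the schema change
        // are not sent in clear text; the JVM must trust the server certificate.
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=config"); // assumed config rootdn
        env.put(Context.SECURITY_CREDENTIALS, password);

        // One schema entry holding an attribute type and an object class.
        // Names and OIDs are constructed for this example.
        Attributes entry = new BasicAttributes(true);
        entry.put(new BasicAttribute("objectClass", "olcSchemaConfig"));
        entry.put(new BasicAttribute("cn", "example"));
        entry.put(new BasicAttribute("olcAttributeTypes",
            "( 1.1.2.1.1 NAME 'exampleTag' DESC 'constructed example attribute' "
            + "EQUALITY caseIgnoreMatch "
            + "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )"));
        entry.put(new BasicAttribute("olcObjectClasses",
            "( 1.1.2.2.1 NAME 'exampleObject' DESC 'constructed example class' "
            + "SUP top AUXILIARY MAY exampleTag )"));

        DirContext ctx = new InitialDirContext(env);
        try {
            // An LDAP add under cn=schema,cn=config, not a modify of cn=Subschema.
            ctx.createSubcontext("cn=example,cn=schema,cn=config", entry).close();
            System.out.println("schema entry added");
        } catch (InvalidAttributeValueException e) {
            // LDAP result 21: a value did not parse, which the server checks
            // before it evaluates access control.
            System.err.println("rejected as invalid syntax: " + e.getMessage());
        } finally {
            ctx.close();
        }
    }
}
```

Write access to cn=config lets a client change the whole server configuration, so the identity used here should be restricted to administrators.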