Re: Changing an openLDAP schema programatically

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 03:57 PM 2002-09-16, akpan Zouk wrote:
>Hello all,
>
>I just joined the group. I searched the archives but
>didn't find a 
>solution to my problem. Apologies if it has been
>discussed. Here is the 
>problem:
>
>I have an objectclass thus defined in local.schema
>thus:
> 
>objectclass ( 1.1.1.1.1.1.1.1.1 
>    NAME 'newObjectClass' SUP top STRUCTURAL
>        MUST ( cn )     
>        )
>
>I would like to add attributes to this objectclass,
>but the names of the 
>attributes are known at run-time; i.e. I don't know
>the names of the 
>attributes when I am creating the above objectclass. I
>would there like to 
>change this definition at run time. Does openLDAP
>support this 
>capability?

No, adding attributes to an existing objectclass
would violate the LDAP/X.500 data model.

Instead, you might consider using the
extensibleObject object class which allows
any attribute to be present in entries belonging
to it.


>I tried the following using Novell's Java Library
>connecting to an 
>openLDAP server:
>
>//  add attribute 'userPassword'. Note that 'cn' and 
>// 'userPassword' are already defined in core.schema
>
>String[] requiredAttr = new 
>String[]{"cn","userPassword"};   
>
>LDAPObjectClassSchema newObjclass = new 
>        LDAPObjectClassSchema(
>                 new String[] {"newObjectClass"},
>                 "1.1.1.1.1.1.1.1.1",
>                 new String[]{"top"},
>                 "",
>                 requiredAttr ,
>                 optionalAttr ,
>                 LDAPObjectClassSchema.STRUCTURAL,
>                 false);
>                 
>                 
>try{
>    LDAPSchema schema = new LDAPSchema();
>    schema.modify(newObjclass);
>    schema.saveSchema(ldapConnection);
> } catch (LDAPException e){
>    e.printStackTrace();
> }
>
>
>I got an "unwillingToPerform exception"!!. Any ideas
>why this 
>happens?

Because OpenLDAP doesn't support subschema modification.