Hello,
If I've got it right, I can change schema as of OpenLDAP 2.3 directly
by accessing values below cn=Subschema. (E.g. add new objectClasses or
attributeTypes. And maybe also change or delete existing ones?)
I first tried it with an "ordinary" database Manager account like
cn=Manager,o=Example, which resulted in an "invalid per syntax" error.
I then added a "database config" section with "cn=Manager,dc=config."
and tried to write with this BindDN, with the same upshot.
ACL slapd.conf equivalent in slapd.d:
access to dn="cn=Subschema"
    by dn="cn=Manager,dc=fuckner,dc=net" write
Simple ldif I wanted to write:
$ ldapmodify -x -D "cn=Manager,o=Example" -w secret
dn: cn=Subschema
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.21924.99.1 NAME 'fooObjectClass'
  DESC 'Boo' SUP top STRUCTURAL MUST ( cn $ objectclass ) )
ldapmodify answered:
modifying entry "cn=Subschema"
ldap_modify: Invalid syntax (21)
additional info: objectClasses: value #0 invalid per syntax
I think there is no error in my class definition. So, where did I make
my mistake? But please: Don't tell me that it's not possible (yet). :-)