[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Loading LDAP schema files into cn=config

To: Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>
Subject: Re: Loading LDAP schema files into cn=config
From: Howard Chu <hyc@symas.com>
Date: Wed, 29 Jun 2011 04:59:24 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <4E0B0E60.2050909@siriusit.co.uk>
References: <4E0AFDB9.7090208@siriusit.co.uk> <4E0B0588.6070305@symas.com> <4E0B0E60.2050909@siriusit.co.uk>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110612 Firefox/7.0a1 SeaMonkey/2.4a1

Mark Cave-Ayland wrote:

On 29/06/11 11:59, Howard Chu wrote:

Having started to look at the changes required to migrate from a
slapd.conf setup to a cn=config setup, one of things I'm struggling with
is how to load new LDAP schemas into cn=config.

I've seen the guides similar to this one here:
http://blogger.ziesemer.com/2011/01/ldap-authentication-for-samba.html
which suggest hacking together a temporary slapd.conf file containing
just the include directives, run slaptest, and then hack the output so
that it can be loaded into cn=config using ldapadd.


His step 1 and 2 were fine. Everything after that is garbage.

1: schemaConvert.conf
####
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include samba.schema
####

2: slaptest
mkdir config&&  slaptest -f schemaConvert.conf -F config

3: slapcat

slapcat -F config -n0 -s cn=schema,cn=config

and all of your converted schema will pop out, ready to be slapadd'd or
ldapadd'd anywhere else.


Hi Howard,

Thanks for the response - this makes a bit more sense now. Just to
clarify another point: when you generate schemaConvert.conf, I guess
that you need to include *all* schemas in your current cn=config
matching the existing order, as well as the new one you are trying to add?

Obviously the config file has to be valid; any schema that the ones you'reconverting depend on must be loaded.

Also that begs another question: what happens if you want to modify an
existing schema, e.g. if I need to hack a schema by hand and reload it
into openldap so that it takes effect? Normally I would change the
schema file on disk, restart slapd and it would just work.

I frankly can't believe that you just asked that question. cn=config is anLDAP database. When you want to change its contents, you use ldapmodify. Ittakes effect immediately and there is no need to restart the server.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Loading LDAP schema files into cn=config
  - From: Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>
- pcache + back-sql
  - From: Chris Card <ctcard@hotmail.com>

References:
- Loading LDAP schema files into cn=config
  - From: Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>
- Re: Loading LDAP schema files into cn=config
  - From: Howard Chu <hyc@symas.com>
- Re: Loading LDAP schema files into cn=config
  - From: Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>

Prev by Date: Re: Loading LDAP schema files into cn=config
Next by Date: Re: Loading LDAP schema files into cn=config
Index(es):
- Chronological
- Thread