Re: Loading LDAP schema files into cn=config

[Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>]

On 29/06/11 14:42, Howard Chu wrote:

> You only need to load those 4 schema files if your sirius-custom.schema
> file actually depends on all of them. The ordering prefix only needs to
> be {4} if you really need those others to be parsed first. Otherwise the
> prefix can be deleted and the config backend will generate it
> automatically. This is all in the documentation. You should try reading
> it sometime.
>
> http://www.openldap.org/doc/admin24/slapdconf2.html

(cut)

> You're not paying attention. You skipped step 3 of my reply.
>
> And apparently you need to be flamed too.
> http://www.openldap.org/lists/openldap-technical/201106/msg00085.html

Okay - I consider myself flamed on this occasion :) But that still 
doesn't quite get me there:

echo "include /etc/ldap/schema/sirius-custom.schema" > slapd.conf.tmp
mkdir config && slaptest -f slapd.conf.tmp -F config
slapcat -F config/ -n0 -s cn=schema,cn=config > sirius-custom.ldif

That gives me a sirius-custom.ldif which contains both "dn: 
cn=schema,cn=config" and "dn: cn={0}sirius-custom,cn=schema,cn=config" 
which is better - but it's still not something I can directly run 
through ldapadd:

zeno:/tmp# ldapadd -D 'cn=admin,dc=siriusit,dc=co,dc=uk' -f 
sirius-custom.ldif -xW
Enter LDAP Password:
adding new entry "cn=schema,cn=config"
ldap_add: Constraint violation (19)
        additional info: structuralObjectClass: no user modification 
allowed

I don't get much further even if I remove cn=schema,cn=config leaving 
just "dn: cn={0}sirius-custom,cn=schema,cn=config" within the output.

And also the slapcat command above always generates a {0} index for the 
output, so how can I alter the above command so that it omits the index 
so that slapd generates it automatically? And what happens if I 
accidentally add the same schema but with a different index? Does slapd 
consider them to be two different entries?

> > Does that sound correct?
>
> No.
>
> As soon as you use the word "hack" you should realize you're doing
> something wrong. As soon as you use the words "manually update" you
> should realize you're doing something wrong.

I have been honest enough during this thread to admit that I felt I may 
have missed something obvious. But I have to point out that all of the 
Google searches I have done on this topic have returned posts similar to 
the one I pointed you to, which you are saying are wrong.

There is a lot of mis-information out there regarding cn=config but I at 
least I understand that I need to come to the project itself to get some 
answers.

I understand your frustration here, but it will also take some effort on 
behalf of the project to ensure that the documentation can answer 
questions such as mine - I've been using openldap for 3 years now, and 
cn=config still takes some getting used to.

Once we have figured out a basic schema workflow, I am happy to submit a 
documentation patch to help other people such as myself in return for 
your assistance.


ATB,

Mark.

--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs