Old 01-28-2009, 06:10 AM   #1
cviniciusm
LQ Newbie
 
Registered: Apr 2005
Posts: 20

Rep: Reputation: 0
How to add a new schema to openldap 2.4.11?


Hello,

openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .

How to add a new schema to openldap 2.4.11 that uses cn=config, please?


TIA,
cviniciusm.
 
Old 01-28-2009, 07:57 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,970

Rep: Reputation: 1343
Hi and welcome to LQ.
Quoting from this guide:
Quote:
Adding additional schemas to slapd requires the schema to be converted to LDIF format. Fortunately, the slapd program can be used to automate the conversion. The following example will add the misc.schema:

1. First, create a conversion schema_convert.conf file containing the following lines:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema

2. Next, create a temporary directory to hold the output:

mkdir /tmp/ldif_output

3. Now using slaptest convert the schema files to LDIF:

slaptest -f schema_convert.conf -F /tmp/ldif_output

Adjust the configuration file name and temporary directory names if yours are different. Also, it may be worthwhile to keep the ldif_output directory around in case you want to add additional schemas in the future.

4. Edit the /tmp/ldif_output/cn=config/cn=schema/cn={8}misc.ldif file, changing the following attributes:

dn: cn=misc,cn=schema,cn=config
...
cn: misc

And remove the following lines from the bottom of the file:

structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
creatorsName: cn=config
createTimestamp: 20080826021140Z
entryCSN: 20080826021140.791425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080826021140Z

[Note]

The attribute values will vary, just be sure the attributes are removed.

5. Finally, using the ldapadd utility, add the new schema to the directory:

ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif

There should now be a dn: cn={4}misc,cn=schema,cn=config entry in the cn=config tree.
 
Old 01-28-2009, 10:49 AM   #3
cviniciusm
LQ Newbie
 
Registered: Apr 2005
Posts: 20

Original Poster
Rep: Reputation: 0
Hello,

Thanks for the reply.

I have seen this tutorial before, I followed it, but it doesn't work.

# ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed

OR

# ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
Enter LDAP Password:
adding new entry "cn=misc"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge

I'm using Ubuntu 8.10.

I want to include rfc2307bis.schema and exclude nis.schema due to egroupware advice.


Any ideas, please?


Regards,
cviniciusm.
 
Old 01-28-2009, 01:34 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,970

Rep: Reputation: 1343
Quote:
# ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed
This is because you didn't provide a password.
Quote:
# ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
Enter LDAP Password:
adding new entry "cn=misc"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
Make sure that the dn (cn=admin,cn=config) and the password you use are correct.
Also make sure you've removed the last lines from the ldif as mentioned in the guide.
Also you said you want to add rfc2307bis.schema, but you're trying to add the misc.schema as in the example.
You can use ldapbrowser to manage the ldapserver.

Cheers

Last edited by bathory; 01-28-2009 at 02:05 PM.
 
Old 01-28-2009, 01:57 PM   #5
cviniciusm
LQ Newbie
 
Registered: Apr 2005
Posts: 20

Original Poster
Rep: Reputation: 0
Hello,

The second example uses the correct password, as shown.

I used the misc.schema to test the tutorial, so I think the tutorial doesn't work with Ubuntu 8.10 and OpenLDAP 2.4.11. So it will fail for my purpose.

I've been searching the Internet for a month and haven't found the solution yet.

The ldapbrowser is a GUI. I'm using openldap on a server without GUI and with loopback address.

Cheers.
 
Old 01-28-2009, 02:29 PM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,970

Rep: Reputation: 1343
Quote:
I used the misc.schema to test the tutorial, so I think the tutorial doesn't work with Ubuntu 8.10 and OpenLDAP 2.4.11 . So, it will fail with my purpose.
The guide is written for Ubuntu 8.10, and I don't think the openldap version is important.
Anyway, you are not going to succeed with the misc.schema. I guess you'll get a "Duplicate entry..." or "Already exists..." error. Try to add the rfc2307bis.schema you want directly.
Another thing to pay attention to is to edit the ldif and use the correct dn and cn values for the entry you want to add. In the misc.schema example you must have:
Code:
dn: cn=misc,cn=schema,cn=config
...
cn: misc
 
Old 01-28-2009, 08:49 PM   #7
cviniciusm
LQ Newbie
 
Registered: Apr 2005
Posts: 20

Original Poster
Rep: Reputation: 0
Hello,

Item 4 on https://help.ubuntu.com/8.10/serverg...ap-server.html is not clear. The output of the previous step (for the misc.ldif) has "dn: cn={8}misc". So I changed it to "dn: cn=misc,cn=schema,cn=config" as you pointed out. It worked fine.

I think it's clearer to say:
4. edit the misc{8}.ldif:
"dn: cn={8}misc" to "dn: cn=misc,cn=schema,cn=config".
...

Thanks a lot.
 
Old 05-06-2009, 03:32 AM   #8
ketzaldev
LQ Newbie
 
Registered: May 2009
Posts: 4

Rep: Reputation: 0
Hi All, I'm working on rfc2307bis too, but I cannot add this schema on openldap because nis schema is still inside...

cviniciusm, did you find a solution to insert this schema on openldap?

Thanks
Ket'
 
Old 11-25-2009, 11:35 AM   #9
RobotiXminD
LQ Newbie
 
Registered: Nov 2009
Posts: 3

Rep: Reputation: 0
Hello guys,

I am also working on openldap + samba on ubuntu 8.10 using the guide.

But I am also stuck on the point where it says
ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{12\}misc.ldif


for me it says
/tmp/ldif_output/cn=config/cn=schema/cn={12}misc.ldif: No such file or directory


If I create the file cn={12}misc.ldif manually and run the command it says
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed


Please help me in this regard, I am badly stuck !
 
Old 11-26-2009, 04:22 AM   #10
ketzaldev
LQ Newbie
 
Registered: May 2009
Posts: 4

Rep: Reputation: 0
Heyy

Don't create cn={12}misc.ldif manually; it's not the right way.

Check the rights for cn=config... maybe you need to be root...


This command should create the file:
slaptest -f schema_convert.conf -F /tmp/ldif_output

If not, you had a problem before...
 
Old 06-16-2011, 03:36 PM   #11
berrance
Member
 
Registered: Aug 2004
Location: Hull - England
Distribution: Ubuntu and slowly switching to debian
Posts: 308

Rep: Reputation: 30
OK, I know this is old but I too am having troubles with this.

I am currently setting up a new LDAP server to migrate my old one to.

I get to this point

Code:
ldapadd -x -D "cn=admin,cn=config" -W -f /etc/ldap/schema/output/cn\=config/cn\=schema/cn\=\{4\}samba.ldif
I enter the password I set during installation of openldap and I get an invalid credentials message.

I assume that cn=admin,cn=config is correct. I have also tried cn=admin,dc=mydomain but I get this

Code:
root@sullivan:/etc/ldap/schema# ldapadd -x -D "cn=admin,dc=berrancenetworks,dc=local" -W -f /etc/ldap/schema/output/cn\=config/cn\=schema/cn\=\{4\}samba.ldif 
Enter LDAP Password: 
adding new entry "cn=samba,cn=schema,cn=config"
ldap_add: Insufficient access (50)
It's been a few years since I last set up ldap, so I have forgotten a few things, plus all the config is now done in ldif format, so I am a little miffed to say the least.

(edit)

Forgot to add I am on Debian 6.0.1 and using OpenLDAP 2.4.27-7

Berrance

Last edited by berrance; 06-16-2011 at 03:37 PM.
 
Old 07-19-2011, 04:55 PM   #12
daniela1611
LQ Newbie
 
Registered: May 2010
Location: Venezuela
Posts: 14

Rep: Reputation: 1
Hi! I'm getting the exact same Error message as berrance, did you find out how to solve it?

Thanks a lot in advance

Daniela
 
Old 07-25-2011, 06:36 PM   #13
daniela1611
LQ Newbie
 
Registered: May 2010
Location: Venezuela
Posts: 14

Rep: Reputation: 1
Hi all!

If anyone still needs help with this, I added my schema, and this is how I did it (I'm running openldap 2.4.23-7.2 over debian6). It's pretty much the same as bathory says, but I'm gonna write everything I did, just in case.

vim /tmp/borrame.conf
(this is what goes in the file)

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema

mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d

Edit the generated file
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
I changed the three head lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema
Then I deleted these lines from the bottom of the file:
structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:

And at last I inserted the new schema to the ldap tree:
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif

I hope this helps,

Daniela
 
Old 08-31-2011, 04:05 AM   #14
juoki
LQ Newbie
 
Registered: Aug 2011
Distribution: Debian
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by daniela1611 (post #13 above)
THAT guide works.
Muchas gracias Daniela, you saved my life.
 
Old 04-30-2012, 07:11 AM   #15
Korfio
LQ Newbie
 
Registered: Apr 2012
Posts: 1

Rep: Reputation: Disabled
This sed script should help

I know it's been months since this was answered, but here goes a sed script to do this copy-paste style.

I used:
Code:
cd <your dir where the generated .ldif files are>
mkdir fixed
for f in *ldif; do sed -rf fixit.sed "$f" > "fixed/$f"; done
These are the contents of fixit.sed
Code:
s~dn: cn=\{([0-9]+)\}(.*)$~dn: cn=\2,cn=schema,cn=config~g
s~cn: \{([0-9]+)\}(.*)$~cn: \2~g
s~^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):.*$~~g
This provides a directory "fixed" with the corrected ldifs ready for ldapadd.

Last edited by Korfio; 04-30-2012 at 07:22 AM.
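An added example (written for this page, not code from any poster or from the Ubuntu guide): a Python version of the hand edit Daniela describes in post #13 and that Korfio's sed script automates. It joins LDIF continuation lines first, so an attribute whose value wraps across lines is still recognised, rewrites the dn/cn, drops the operational attributes, and reports any that remain; the sample LDIF is constructed to look like slaptest's output for misc.schema.

```python
import re

# Operational attributes slaptest writes into the LDIF; slapd regenerates them on add, so strip them.
OPERATIONAL_ATTRS = {"structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
                     "entryCSN", "modifiersName", "modifyTimestamp"}
INDEX_PREFIX = re.compile(r"^\{\d+\}")  # the '{8}' in 'cn={8}misc'

def unfold(lines):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    out = []
    for line in lines:
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def fix_schema_ldif(text):
    """Rewrite a slaptest-generated schema LDIF so ldapadd accepts it under cn=schema,cn=config."""
    fixed = []
    for line in unfold(text.splitlines()):
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            fixed.append(line)  # comment or blank line: keep as-is
        elif attr in OPERATIONAL_ATTRS:
            pass  # dropped; slapd will generate these itself
        elif attr == "dn":  # slaptest writes only the RDN, e.g. 'cn={8}misc'
            rdn_attr, _, rdn_value = value.strip().partition("=")
            fixed.append(f"dn: {rdn_attr}={INDEX_PREFIX.sub('', rdn_value)},cn=schema,cn=config")
        elif attr == "cn":
            fixed.append(f"cn: {INDEX_PREFIX.sub('', value.strip())}")
        else:
            fixed.append(line)
    return "\n".join(fixed) + "\n"

def remaining_operational(text):
    """Sorted operational attributes still present; must be [] before running ldapadd."""
    return sorted({l.partition(":")[0] for l in unfold(text.splitlines())} & OPERATIONAL_ATTRS)

# Constructed sample in the shape slaptest emits for misc.schema (operational values as in the guide quoted above).
SAMPLE_LDIF = """\
dn: cn={8}misc
objectClass: olcSchemaConfig
cn: {8}misc
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RF
 C822 email address of this recipient' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
entryCSN: 20080826021140.791425Z#000000#000#000000
modifyTimestamp: 20080826021140Z
"""
```

Feed the output of fix_schema_ldif() to ldapadd as in the posts above; a non-empty result from remaining_operational() means the file is not ready yet.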
 