How to add a new schema to openldap 2.4.11 ?

cviniciusm · 01-28-2009, 06:10 AM

Hello,

openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .

How to add a new schema to openldap 2.4.11 that uses cn=config, please?

TIA,
cviniciusm.

bathory · 01-28-2009, 07:57 AM

Hi and welcome to LQ.
Quoting from this guie:

Quote:

Adding additional schemas to slapd requires the schema to be converted to LDIF format. Fortunately, the slapd program can be used to automate the conversion. The following example will add the misc.schema:

1. First, create a conversion schema_convert.conf file containing the following lines:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema

2. Next, create a temporary directory to hold the output:

mkdir /tmp/ldif_output

3. Now using slaptest convert the schema files to LDIF:

slaptest -f schema_convert.conf -F /tmp/ldif_output

Adjust the configuration file name and temporary directory names if yours are different. Also, it may be worthwhile to keep the ldif_output directory around in case you want to add additional schemas in the future.

4. Edit the /tmp/ldif_output/cn=config/cn=schema/cn={8}misc.ldif file, changing the following attributes:

dn: cn=misc,cn=schema,cn=config
...
cn: misc

And remove the following lines from the bottom of the file:

structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
creatorsName: cn=config
createTimestamp: 20080826021140Z
entryCSN: 20080826021140.791425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080826021140Z

[Note]

The attribute values will vary, just be sure the attributes are removed.

5. Finally, using the ldapadd utility, add the new schema to the directory:

ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif

There should now be a dn: cn={4}misc,cn=schema,cn=config entry in the cn=config tree.

cviniciusm · 01-28-2009, 10:49 AM

Hello,

Thanks for the reply.

I have seen this tutorial before, I followed it, but it doesn't work.

# ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed

OR

# ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
Enter LDAP Password:
adding new entry "cn=misc"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge

I'm using Ubuntu 8.10 .

I want to include rfc2307bis.schema and exclude nis.schema due to egroupware advice.

Any ideas, please?

Regards,
cviniciusm.

bathory · 01-28-2009, 01:34 PM

Quote:

# ldapadd -x -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed

This is because you didn't provide a password

Quote:

# ldapadd -x -D cn=admin,cn=config -W -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{8\}misc.ldif
Enter LDAP Password:
adding new entry "cn=misc"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge

Make sure that the dn (cn=admin,cn=config) and the password you use are correct.
Also make sure you've remove the last lines from the ldif as mentioned in the guide.
Also you said you want to add rfc2307bis.schema, but you're trying to add the misc.schema as in the example.
You can use ldapbrowser to manage the ldapserver.

Cheers

cviniciusm · 01-28-2009, 01:57 PM

Hello,

The second example uses the correct password, as showed.

I used the misc.schema to test the tutorial, so I think the tutorial doesn't work with Ubuntu 8.10 and OpenLDAP 2.4.11 . So, it will fail with my purpose.

I'm searching the Internet a month and not found the solution, yet.

The ldapbrowser is a GUI. I'm using openldap on a server without GUI and with loopback address.

Cheers.

bathory · 01-28-2009, 02:29 PM

Quote:

I used the misc.schema to test the tutorial, so I think the tutorial doesn't work with Ubuntu 8.10 and OpenLDAP 2.4.11 . So, it will fail with my purpose.

The guide is written for Ubuntu 8.10 and the openldap version I don't think it's important.
Anyway you are not going to succeed with the misc.schema. I guess you'll get a "Duplicate entry..." or "Already exists..." error. Try to add directly the rfc2307bis.schema you want.
Another thing to pay attention is to edit the ldif and use the correct dn and cn values for the entry you want to add. In the misc.schema example you must have:

Code:

dn: cn=misc,cn=schema,cn=config
...
cn: misc

cviniciusm · 01-28-2009, 08:49 PM

Hello,

The item 4 on https://help.ubuntu.com/8.10/serverg...ap-server.html is not clear. The output of previous step (for the misc.ldif) has "dn: cn={8}misc". So I changed it to "dn: cn=misc,cn=schema,cn=config" as you pointed it. It worked fine.

I think it's more clear to say:
4. edit the misc{8}.ldif:
"dn: cn={8}misc" to "dn: cn=misc,cn=schema,cn=config".
...

Thanks a lot.

ketzaldev · 05-06-2009, 03:32 AM

Hi All, I'm working on rfc2703bis too, but I cannot add this schema on openldap because nis schema is still inside...

cviniciusm, did you find a solution to insert this schema on openldap?

Thanks
Ket'