
I created a custom LDAP objectClass, but forgot a couple attributes before I added it to my OpenLDAP server. I followed the instructions on this Ubuntu doc page: https://help.ubuntu.com/12.04/serverguide/openldap-server.html

I am running Ubuntu 12.04.

So, how do I add a new MAY attribute to an objectClass that is already applied to the server?

Specifically on OpenLDAP, but it would be good to know how for Novell eDirectory as well.

David R.
  • Just tried this ldif file: version: 1 dn: cn={4}lccperson,cn=schema,cn=config add: olcAttributeTypes olcAttributeTypes: ( 1.3.6.1.4.1.32916.2.1.1.1.29 NAME 'lccPersonMiddleName' DESC 'The persons middle name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) And that apparently added the gibberish in the next comment. – David R. Nov 09 '12 at 18:49
  • olcAttributeTypes:: ezI4fSggMS4zLjYuMS40LjEuMzI5MTYuMi4xLjEuMS4yOSBOQU1FICdsY2NQZXJzb25NaWRkbGVOYW1lJyBERVNDICdUaGUgcGVyc29ucyBtaWRkbGUgbmFtZS4nIEVRVUFMSVRZIGNhc2VJZ25vcmVNYXRjaCBTVUJTVFIgY2FzZUlnbm9yZVN1YnN0cmluZ3NNYXRjaCAJU1lOVEFYIDEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjE1IFNJTkdMRS1WQUxVRSAp Hmm... Comments don't format well do they. Anyway, any suggestions? – David R. Nov 09 '12 at 18:49
  • Moral of the story: avoid tabs in your ldif file. – David R. Nov 09 '12 at 19:40
  • You're able to edit your original question. You can insert the formatted comments as part of the question and delete the comments. – jscott Nov 09 '12 at 21:28

1 Answer

The short answer

Use ldapmodify exactly like you would on a regular ldap entry with multi-valued attributes.

That's pretty much what I expected, but I wasn't 100% sure, due to the {N} indexing that you see when you run an ldap search for the schema.

The long answer

First, find your schema's dn. Something like cn={4}test,cn=schema,cn=config. Then write an ldif file and apply it to your directory. On Ubuntu 12.04 I applied it as root with:

ldapmodify -Q -Y EXTERNAL -H ldapi://  -f test.ldif

The part I had issues with was the ldif modify syntax, and what to do with the {N} indexes.

So, the start of your ldif file should be something like:

version: 1

dn: cn={N}test,cn=schema,cn=config
changetype: modify

To modify an objectClass:

delete: olcObjectClasses
olcObjectClasses: <old value>
-
add: olcObjectClasses
olcObjectClasses: <new value>

To modify an attribute:

delete: olcAttributeTypes
olcAttributeTypes: <old value>
-
add: olcAttributeTypes
olcAttributeTypes: <new value>

Some tips I figured out about syntax:

  • Ignore the {N} indexes in your ldif file. They get fixed automatically.
  • You do need the {N} in your schema's DN.
  • Remember the '-' between statements.
  • Don't put a new line after the '-'. ldapmodify stops at that new line, so anything after it will not be executed.
  • Add new attributes before you modify the objectClass to include them.
  • Eliminate all tab characters. They cause the system to produce gibberish.
David R.
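The procedure and tips in the answer above, as an added example that is not part of the original answer: a complete modify LDIF (new attribute first, then the objectClass swapped for a version with the extra MAY) and a pre-flight lint for the listed pitfalls. The schema DN `cn={4}test` is the answer's example; the `ex*` names, the OIDs under 1.3.6.1.4.1.32473 (the enterprise number reserved for documentation) and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the answer author's code. All ex* names and the
# 1.3.6.1.4.1.32473.* OIDs are constructed; exNickName is assumed to exist.
write_example_ldif() {
    cat > "$1" <<'EOF'
version: 1

dn: cn={4}test,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.3.6.1.4.1.32473.1.1.2 NAME 'exMiddleName' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
delete: olcObjectClasses
olcObjectClasses: ( 1.3.6.1.4.1.32473.1.2.1 NAME 'exPerson' SUP top AUXILIARY MAY ( exNickName ) )
-
add: olcObjectClasses
olcObjectClasses: ( 1.3.6.1.4.1.32473.1.2.1 NAME 'exPerson' SUP top AUXILIARY MAY ( exNickName $ exMiddleName ) )
EOF
}

# Pre-flight check for the pitfalls in the tips list. Findings go to
# stderr; returns 0 when the file is clean, 1 otherwise.
lint_schema_ldif() {
    awk '
        function flag(n, msg) { printf "line %d: %s\n", n, msg; bad = 1 }
        # Tabs are what produced the base64 value shown in the comments.
        /\t/ { flag(NR, "tab character") }
        # The DN of the schema entry keeps its {N} index.
        /^dn:/ && !/^dn: cn=[{][0-9]+[}][^,]+,cn=schema,cn=config$/ {
            flag(NR, "schema DN must carry its {N} index") }
        /^changetype: modify$/ { ct = 1 }
        # Attributes must be added before the objectClass that names them.
        /^(add|delete): olcObjectClasses$/ { oc = 1 }
        /^add: olcAttributeTypes$/ && oc {
            flag(NR, "add new attributes before the objectClass change") }
        # A blank line right after "-" closes the record, so a following
        # add:/delete: line (anything that is not a new dn:) is stranded.
        $0 == "" { if (prev == "-") gap = NR; prev = ""; next }
        gap && !/^dn:/ { flag(gap, "blank line after \"-\" ends the record early") }
        { gap = 0; prev = $0 }
        END { if (!ct) flag(NR, "no changetype: modify line"); exit bad + 0 }
    ' "$1" >&2
}

# Usage sketch, with the command from the answer:
#   lint_schema_ldif test.ldif && ldapmodify -Q -Y EXTERNAL -H ldapi:// -f test.ldif
```

The lint only inspects the file's layout; it does not contact the directory or validate the schema definitions themselves.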