3

I have created this custom and very basic schema:

objectclass ( 2.25.2.2.1
    NAME 'myObjectClass'
    DESC 'myObjectClass objectclass'
    STRUCTURAL
    MUST ( cn )
    )

I have added it without problems using this myObjectClass.ldif file:

dn: cn=myObjectClass,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: myObjectClass
olcObjectClasses: {0}( 2.25.2.2.1 NAME 'myObjectClass' DESC 'myObjectClass objectclass' STRUCTURAL MUST cn )

Using ldapmodify:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f myObjectClass.ldif

Now I'm trying to delete it with delete.ldif:

dn: cn=schema,cn=config
changetype: modify
delete: objectClass
objectClass: 2.25.2.2.1

Using ldapmodify I always get ldap_modify: Server is unwilling to perform (53):

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f delete.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=schema,cn=config"
ldap_modify: Server is unwilling to perform (53)

I'm running Ubuntu 14.04 Server with OpenLDAP 2.4.31

I have found this in the official docs:

A.2.2. Better cn=schema functionality

In 2.3 you were only able to add new schema elements, not delete or modify existing elements. In 2.4 you can modify schema at will. (Except for the hardcoded system schema, of course.)

Can someone share any clue?

Thanks in advance!

3 Answers

1

The way to modify the schema configuration in version 2.4 of the OpenLDAP server is:

  • Remove all entries which use this schema

Then:

  • stop slapd
  • use slapcat to export the dynamic config to LDIF
  • modify the LDIF export to remove the schema in question
  • remove (or rename) your old dynamic config directory
  • slapadd the updated LDIF
  • start slapd

According to this talk on the official site.

0

I know this is an old thread, but maybe my answer will help someone else (including myself in the future).

My OpenLDAP version: slapd (Ubuntu) (Apr 10 2019 12:53:11)

I know that we should never manually edit configuration files, but I already tried ldapmodify and ldapdelete; neither works. This is my last resort, and it actually works.

# stop slapd before touching its config directory
/etc/init.d/slapd stop
cd /etc/ldap
# keep the old dynamic config tree as a backup
mv slapd.d /var/backups/slapd.d.bak
mkdir slapd.d
# export the old config (read from the backup location) to portable LDIF
slapcat -n0 -F /var/backups/slapd.d.bak > /tmp/config-in-portable-format.ldif

Edit the file /tmp/config-in-portable-format.ldif here...

# rebuild the config tree from the edited LDIF and hand it back to slapd
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config-in-portable-format.ldif
chown -R openldap:openldap slapd.d/
chmod -R 755 slapd.d/
/etc/init.d/slapd restart
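
The procedure described in the two answers above (stop slapd, slapcat the config, edit the LDIF, slapadd it back), written out as an added example; this is not code from either answer. It also performs the first answer's "remove all entries which use this schema" check before anything is touched, by scanning the data backend for entries still carrying the objectClass. The paths (/etc/ldap/slapd.d, /var/backups), the openldap user, the /etc/init.d/slapd script and the database numbering (-n0 is cn=config, -n1 the first data backend) are Ubuntu/Debian assumptions; the two LDIF samples at the end are constructed for trying the helpers offline and are not real slapcat output.

```shell
#!/bin/sh
# Added example (not from the answers above): offline removal of a custom
# schema entry from OpenLDAP's cn=config via slapcat / edit / slapadd.
# Paths, init script name and database numbers are Ubuntu/Debian assumptions.

SCHEMA_NAME="myObjectClass"              # cn of the schema entry to remove
CONFIG_DIR="/etc/ldap/slapd.d"           # Debian/Ubuntu dynamic config tree
BACKUP_DIR="/var/backups/slapd.d.$(date +%Y%m%d%H%M%S)"
WORK_LDIF="/tmp/config.ldif"

# Count LDIF entries on stdin (e.g. the output of `slapcat -n1`) that carry
# "objectClass: <name>". The comparison is case-insensitive, like LDAP itself.
count_users_of_class() {
    cls=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v cls="$cls" '
        BEGIN { RS = ""; FS = "\n"; n = 0 }        # one record per LDIF entry
        {
            for (i = 1; i <= NF; i++)
                if (tolower($i) == ("objectclass: " cls)) { n++; break }
        }
        END { print n }'
}

# Copy a `slapcat -n0` config LDIF from stdin to stdout, dropping the entry
# cn={N}<name>,cn=schema,cn=config; the {N} ordering prefix is ignored when
# matching. Assumes dn: lines are neither folded nor base64 (dn::), which
# holds for the short schema DNs slapcat writes.
remove_schema_entry() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v name="$name" '
        BEGIN { RS = ""; FS = "\n"; ORS = "\n\n" }
        {
            dn = tolower($1)
            sub(/^dn: cn=[{][0-9]+[}]/, "dn: cn=", dn)
            if (dn == ("dn: cn=" name ",cn=schema,cn=config")) next
            print
        }'
}

# The full offline procedure. Run as root; assumes the data is in database 1.
rebuild_config_without_schema() {
    /etc/init.d/slapd stop
    # 1. Refuse to proceed while any entry still uses the class; otherwise
    #    the data backend is left with an objectClass slapd no longer knows.
    n=$(slapcat -n1 | count_users_of_class "$SCHEMA_NAME")
    if [ "$n" -ne 0 ]; then
        echo "refusing: $n entries still use objectClass $SCHEMA_NAME" >&2
        /etc/init.d/slapd start
        return 1
    fi
    # 2. Export the dynamic config and strip the schema entry from the LDIF.
    slapcat -n0 -F "$CONFIG_DIR" -l "$WORK_LDIF"
    remove_schema_entry "$SCHEMA_NAME" < "$WORK_LDIF" > "$WORK_LDIF.new"
    # 3. Keep the old tree as a backup, rebuild a fresh one from the edited
    #    LDIF and hand it back to the slapd user (Debian keeps the dir 0750).
    mv "$CONFIG_DIR" "$BACKUP_DIR"
    mkdir -m 750 "$CONFIG_DIR"
    slapadd -n0 -F "$CONFIG_DIR" -l "$WORK_LDIF.new"
    chown -R openldap:openldap "$CONFIG_DIR"
    /etc/init.d/slapd start
}

# Constructed sample data (not real slapcat output) for exercising the two
# helpers offline: a four-entry config tree and a three-entry data tree.
SAMPLE_CONFIG_LDIF=$(cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcObjectClasses: {0}( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )

dn: cn={1}myObjectClass,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}myObjectClass
olcObjectClasses: {0}( 2.25.2.2.1 NAME 'myObjectClass' DESC 'myObjectClass objectclass' STRUCTURAL MUST cn )
EOF
)
SAMPLE_DATA_LDIF=$(cat <<'EOF'
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example
dc: example

dn: cn=thing1,dc=example,dc=com
objectClass: myObjectClass
cn: thing1

dn: cn=alice,dc=example,dc=com
objectClass: person
cn: alice
sn: Alice
EOF
)

# Usage on a live system:   rebuild_config_without_schema
# Offline dry run:          printf '%s\n' "$SAMPLE_CONFIG_LDIF" | remove_schema_entry myObjectClass
```

The two awk helpers work on plain LDIF, so you can dry-run them against real `slapcat -n0` and `slapcat -n1` output and inspect the result before letting the rebuild move anything. The data check is the part that slapd cannot do for you once the definition is gone, and it is what the first answer's "remove all entries which use this schema" step is there for. Unlike the commands in the second answer, the script leaves the rebuilt tree at mode 0750 owned by openldap instead of chmod -R 755, which is the default layout on Debian and Ubuntu.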

-1

I have encountered this error while trying to add a schema using

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif

and it was telling me:

"ldap_modify: Server is unwilling to perform (53) additional info: no global superior knowledge"

I figured out my LDIF file was not well formatted (notice the space I had before the distinguished name).

[screenshot of my ldif file]