
I use the email of my users in my LDAP class as a 'must':

# schema.ldif
objectClasses: ( 2.25.XXXX.3 NAME 'user' SUP inetOrgPerson STRUCTURAL MUST mail MAY ( XXX ) )

And my users are stored in my LDAP with the DN:

mail=toto@example.com,ou=people,dc=company,dc=com

For different reasons, I would now like to use a userId for the DN, so my schema will look like this:

# schema.ldif
objectClasses: ( 2.25.XXXX.3 NAME 'user' SUP inetOrgPerson STRUCTURAL MUST ( mail $ userid ) MAY ( XXX ) )

And so the DN would now look like this (mail being a MUST but not used in the DN):

userid=325448,ou=people,dc=company,dc=com

How can I do that? Is there a procedure to migrate an object class from one schema to another?

I can code a migration procedure in my program so that it iterates on all entries and fills that userId correctly, but I couldn't find anything about that in LDAP documentation.

Another idea is to make the userId a MAY field in a first step, then fill it, then make it a MUST, then use modifyDn to change the DN of all users. Would this work?

Any input on this?

If it can help, we use OpenDJ for the LDAP server.

Gui13

1 Answer


Since the schema change is mostly compatible (it only adds a constraint), with OpenDJ you can change the objectclass definition by deleting the old value and adding the new value, using ldapmodify on cn=schema. The OpenDJ server will continue to return all entries, but will require that you update the entries that do not have a userid value before doing any other change to them.

You can use LDAP ModDN to change the attribute that is used in the DN for each entry.

The change in LDIF would look like this:

dn: mail=toto@example.com,ou=people,dc=company,dc=com
changetype: moddn
newrdn: userid=325448
deleteoldrdn: 0

Note that you do not need to stop the server to do all of these changes.
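The following script is an added example, not code from the question or the answer. It generates the complete LDIF for the migration both posts describe: the cn=schema modification that swaps the objectClass definition (as the answer suggests, delete the old value, add the new one), then for every user an add of the userid value followed by the moddn that moves the entry under its new RDN while keeping mail as a regular attribute. Everything is assumed: the placeholder OID 2.25.XXXX.3 and the base DN are taken from the question, the three users and their ids are constructed sample data, and the two checks (userid values must be present and unique, RDN values are escaped per RFC 4514) are what a practitioner would want before feeding such a file to ldapmodify, since a duplicate userid would make the second moddn fail and an unescaped '+' or ',' in a mail address would silently target the wrong DN.

```python
"""Generate the LDIF for migrating user entries from a mail RDN to a userid RDN.

Added example; not from the question, the answer or OpenDJ. The OID, base DN
and sample users below are placeholders / constructed data.
"""
import re

OID = "2.25.XXXX.3"  # placeholder OID, as written in the question
OLD_OC = f"( {OID} NAME 'user' SUP inetOrgPerson STRUCTURAL MUST mail )"
NEW_OC = f"( {OID} NAME 'user' SUP inetOrgPerson STRUCTURAL MUST ( mail $ userid ) )"
BASE = "ou=people,dc=company,dc=com"

# Constructed sample: (current mail RDN value, userid the entry should get).
SAMPLE_USERS = [
    ("toto@example.com", "325448"),
    ("jane+ldap@example.com", "325449"),  # '+' is an RDN separator and must be escaped
    ("o'brien@example.com", "325450"),
]

_RDN_SPECIAL = re.compile(r'(["+,;<>\\])')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside an RDN (RFC 4514 section 2.4)."""
    out = _RDN_SPECIAL.sub(r"\\\1", value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def old_dn(mail: str) -> str:
    """DN of the entry as it exists today, with mail as the RDN."""
    return f"mail={escape_rdn_value(mail)},{BASE}"


def schema_change_ldif() -> str:
    """One cn=schema modify record: drop the old objectClass value, add the new one."""
    return "\n".join([
        "dn: cn=schema",
        "changetype: modify",
        "delete: objectClasses",
        f"objectClasses: {OLD_OC}",
        "-",
        "add: objectClasses",
        f"objectClasses: {NEW_OC}",
        "-",
        "",
    ])


def add_userid_ldif(mail: str, userid: str) -> str:
    """Add the userid value so the entry satisfies the new MUST before anything else touches it."""
    return "\n".join([
        f"dn: {old_dn(mail)}",
        "changetype: modify",
        "add: userid",
        f"userid: {userid}",
        "-",
        "",
    ])


def moddn_ldif(mail: str, userid: str) -> str:
    """Rename the entry under userid=...; deleteoldrdn: 0 keeps mail as an attribute (it is still MUST)."""
    return "\n".join([
        f"dn: {old_dn(mail)}",
        "changetype: moddn",
        f"newrdn: userid={escape_rdn_value(userid)}",
        "deleteoldrdn: 0",
        "",
    ])


def migration_ldif(users) -> str:
    """Full LDIF: schema change first, then add + moddn per user.

    Refuses to run if any userid is empty or duplicated: a duplicate would make the
    second moddn fail with an 'entry already exists' error halfway through the file.
    """
    ids = [userid for _, userid in users]
    if any(not userid for userid in ids):
        raise ValueError("every entry needs a userid before migration")
    dupes = sorted({userid for userid in ids if ids.count(userid) > 1})
    if dupes:
        raise ValueError(f"userid values are not unique: {dupes}")
    records = [schema_change_ldif()]
    for mail, userid in users:
        records.append(add_userid_ldif(mail, userid))
        records.append(moddn_ldif(mail, userid))
    return "\n".join(records)


if __name__ == "__main__":
    print(migration_ldif(SAMPLE_USERS))
```

Write the output to a file and apply it with OpenDJ's ldapmodify (-f migration.ldif), bound as an account allowed to modify cn=schema; because the schema record comes first, any entry that the script did not cover will be refused on its next modification, which is the behaviour the answer describes and a useful way to notice users the migration missed.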