Home / server / Questions / 659928
Accepted
miken32
Asked: 2015-01-16 16:29:00 +0800 CST

How to change OpenLDAP core attributes

  • 772

Specifically, I need to add ORDERING caseIgnoreOrderingMatch to the givenName and surname attributes. I had hoped there was some way to do this using ldapmodify but the following is not working for me (maybe the core schema is read only, but it's giving me a syntax error):

$ ldapmodify -QY EXTERNAL -H ldapi:/// <<EOF
dn: cn=Subschema
changetype: modify
delete: attributetypes
attributetypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name
 (s) for which the entity is known by' SUP name )
-
add: attributetypes
attributetypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name
 (s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch )
-
delete: attributetypes
attributetypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family)
  name(s) for which the entity is known by' SUP name )
-
add: attributetypes
attributetypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family)
  name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch )
EOF

modifying entry "cn=Subschema"
ldap_modify: Invalid syntax (21)
    additional info: attributetypes: value #0 invalid per syntax
$

I've seen some suggestions to edit the schema files directly which I didn't want to do, but that (stop slapd, edit /etc/openldap/schema/core.ldif, restart slapd) seems to have no effect.

Any pointers to how this can be done? My LDAP knowledge is tenuous at best, so any help is appreciated! Thanks.

ldap

2 Answers

  1. Best Answer

    Figured it out; the examples I was using were geared toward a different distro with slightly different config -- I'm on Scientific Linux 6.5. Combine that with my ignorance, and no wonder it didn't work. Here is what worked:

    ldapmodify -QY EXTERNAL -H ldapi:/// <<EOF
dn: cn={1}core,cn=schema,cn=config
changetype: modify
delete: olcAttributeTypes
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name )
-
add: olcAttributeTypes
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name ORDERING caseIgnore
 OrderingMatch )
-
delete: olcAttributeTypes
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name )
-
add: olcAttributeTypes
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrde
 ringMatch )
EOF

    And for direct file editing, the file path was /etc/openldap/slapd.d/cn=config/cn=schema/cn={1}core.ldif but using ldapmodify is a better method.

    • 0

  2. Honestly, you should not mess around with the standard object classes. The way you answered your own question does work; however, it is WAY better to define your own local schema with either a new structural object class (which might inherit from another) or define an auxiliary object class and add it to your nodes.

    I already answered a similar question over here: Openldap problems with adding attribute

    You can find some cleaner ways for your problem there.

    • 0