Specifically, I need to add ORDERING caseIgnoreOrderingMatch to the givenName and surname attributes. I had hoped there was some way to do this using ldapmodify but the following is not working for me (maybe the core schema is read only, but it's giving me a syntax error):

$ ldapmodify -QY EXTERNAL -H ldapi:/// <<EOF
dn: cn=Subschema
changetype: modify
delete: attributetypes
attributetypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name
 (s) for which the entity is known by' SUP name )
-
add: attributetypes
attributetypes: ( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name
 (s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch )
-
delete: attributetypes
attributetypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family)
  name(s) for which the entity is known by' SUP name )
-
add: attributetypes
attributetypes: ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family)
  name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrderingMatch )
EOF

modifying entry "cn=Subschema"
ldap_modify: Invalid syntax (21)
    additional info: attributetypes: value #0 invalid per syntax
$

I've seen some suggestions to edit the schema files directly which I didn't want to do, but that (stop slapd, edit /etc/openldap/schema/core.ldif, restart slapd) seems to have no effect.

Any pointers to how this can be done? My LDAP knowledge is tenuous at best, so any help is appreciated! Thanks.

miken32

2 Answers

Figured it out; the examples I was using were geared toward a different distro with slightly different config -- I'm on Scientific Linux 6.5. Combine that with my ignorance, and no wonder it didn't work. Here is what worked:

ldapmodify -QY EXTERNAL -H ldapi:/// <<EOF
dn: cn={1}core,cn=schema,cn=config
changetype: modify
delete: olcAttributeTypes
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name )
-
add: olcAttributeTypes
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name ORDERING caseIgnore
 OrderingMatch )
-
delete: olcAttributeTypes
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name )
-
add: olcAttributeTypes
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
 st name(s) for which the entity is known by' SUP name ORDERING caseIgnoreOrde
 ringMatch )
EOF

And for direct file editing, the file path was /etc/openldap/slapd.d/cn=config/cn=schema/cn={1}core.ldif but using ldapmodify is a better method.

miken32
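
The `{1}` and `{35}` prefixes in the answer above depend on where each definition sits in that server's schema entry. As an added example (not part of the original answer), this Python code reads the index from the entry itself and builds the same delete/add modify; the sample entry and the function names are assumptions, and it expects plain (not base64) `olcAttributeTypes` values.

```python
import re

# Constructed sample: a fragment shaped like the cn=config core schema entry,
# line-folded the way LDIF tools emit it. Real input would be saved output of
# a search on cn=schema,cn=config.
SAMPLE = """\
dn: cn={1}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno
 wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
 1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
 amily) name(s) for which the entity is known by' SUP name )
"""

def unfold(ldif):
    """Undo LDIF folding: a newline followed by one space continues the line."""
    return ldif.replace("\r\n", "\n").replace("\n ", "")

def find_attribute(ldif, oid):
    """Return (dn, index, definition) for the olcAttributeTypes value with this OID."""
    pattern = re.compile(
        r"olcAttributeTypes: \{(\d+)\}(\( *" + re.escape(oid) + r" .*\))\s*$")
    dn = None
    for line in unfold(ldif).splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        m = pattern.match(line)
        if m:
            return dn, int(m.group(1)), m.group(2)
    raise LookupError(f"OID {oid} not found")

def add_ordering_ldif(ldif, oid, rule="caseIgnoreOrderingMatch"):
    """Build the delete/add modify that appends ORDERING <rule> to one attribute."""
    dn, idx, old = find_attribute(ldif, oid)
    if " ORDERING " in old:
        raise ValueError(f"{oid} already declares an ORDERING rule")
    # Drop the closing parenthesis, append the rule, close the definition again.
    new = old[:-1].rstrip() + f" ORDERING {rule} )"
    return (f"dn: {dn}\nchangetype: modify\n"
            f"delete: olcAttributeTypes\nolcAttributeTypes: {{{idx}}}{old}\n-\n"
            f"add: olcAttributeTypes\nolcAttributeTypes: {{{idx}}}{new}\n")

if __name__ == "__main__":
    print(add_ordering_ldif(SAMPLE, "2.5.4.4"))
```

The printed LDIF is unfolded (long lines), which LDIF permits, and is meant to be reviewed before being passed to `ldapmodify`.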

Honestly, you should not mess around with the standard object classes. The way you answered your own question does work; however, it is WAY better to define your own local schema with either a new structural object class (which might inherit from another) or define an auxiliary object class and add it to your nodes.

I already answered a similar question over here: Openldap problems with adding attribute

You can find some cleaner ways for your problem there.

randomnickname