OpenDJ 4.4.11
RHEL 7.9

Currently, our production LDAP servers are on OpenDJ 4.4.11. We did not have a pre-prod environment, so I decided to make one for upgrade testing. While setting up the server to match production, I encountered schema issues.

I need to update the 'gecos' attributeType that comes with an OpenDJ install. We have users who need the syntax 1.3.6.1.4.1.1466.115.121.1.15 for accents, etc. I apply the following:

/opt/opendj/bin/ldapmodify --port 389 --bindDn cn=manager --bindPassword $CNMAN /opt/opendj/ldif/mod_gecos.ldif

which contains:

dn: cn=schema
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN '04-rfc2307bis.ldif' )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'draft-howard-rfc2307bis' X-SCHEMA-FILE '99-user.ldif' )

This completes successfully, but then after several minutes OR a service restart (/opt/opendj/bin/stop-ds --restart), I get the following:

category=CONFIG severity=WARNING msgID=761 msg=The config schema file '04-rfc2307bis.ldif' generated warning when trying to update schema with its content: [Unable to register attribute type name with the server schema because its OID 2.5.4.41 conflicts with the OID of an existing attribute type name, Validation of object class definition ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( authPassword $ userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'draft-howard-rfc2307bis' X-SCHEMA-FILE '04-rfc2307bis.ldif' ) failed and will be removed from the schema: The object class "posixAccount" specifies the optional attribute type "gecos" which is not defined in the schema]

What could I be doing wrong? Prior to the gecos update, service restarts never showed the above warnings and error messages.

deconstruct

1 Answer

When you do the modification of the schema, you store the result in the 99-user.ldif file, which will be the last one to load.

When loading the 04-rfc2307bis.ldif file, the "gecos" attribute is not yet defined and this invalidates the "posixAccount" definition.

You should make sure the definition of "gecos" is stored in the same schema file.

Ludovic Poitou
  • Still get dup OID. ```dn: cn=schema changetype: modify delete: attributeTypes attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN '04-rfc2307bis.ldif' ) - add: attributeTypes attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '04-rfc2307bis.ldif' X-SCHEMA-FILE '04-rfc2307bis.ldif' )``` – deconstruct Mar 10 '23 at 14:56
  • Sorry, character limitation. Should I omit the X-SCHEMA-FILE and just use X-ORIGIN? – deconstruct Mar 10 '23 at 14:59
  • I think you can omit the X-ORIGIN. You want to keep the X-SCHEMA-FILE because it forces the definition to be written in that file and then loaded at the correct time. – Ludovic Poitou Mar 11 '23 at 15:33
  • The dup OID message is strange; it's on the "name" attribute. I don't recall having seen this issue in the past. The alternate solution is to stop the server, edit the 04-rfc2307bis.ldif file and restart the server. Make sure there is no leftover in the 99-user.ldif file. – Ludovic Poitou Mar 11 '23 at 15:36
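
The load-order problem described in the answer can be checked offline before a restart. The following is an added example, not part of the original thread and not OpenDJ code: it replays schema files in file-name order and reports object classes that reference an attribute no earlier file has defined, plus OIDs defined in more than one file (such as a leftover in 99-user.ldif). The function names, the reduced sample definitions, and the assumption that a file's attribute types are registered before its object classes are all assumptions of this example.

```python
import re

ATTR = re.compile(r"attributeTypes:\s*\(\s*([\d.]+)\s+NAME\s+('[^']+'|\([^)]*\))", re.I)
OC = re.compile(r"objectClasses:\s*\(\s*[\d.]+\s+NAME\s+'([^']+)'", re.I)
REQ = re.compile(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w;-]+)")

def unfold(text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def check_load_order(files):
    """files: {schema file name: LDIF text}. Replays the files in file-name order
    (assumption: a file's attribute types are registered before its object classes)
    and returns a list of finding tuples."""
    names, oids, findings = {}, {}, []
    for fname in sorted(files):
        lines = unfold(files[fname])
        for m in filter(None, map(ATTR.match, lines)):
            oid, attr_names = m.group(1), re.findall(r"'([^']+)'", m.group(2))
            if oid in oids:  # same OID defined by two files, e.g. a leftover in 99-user.ldif
                findings.append(("duplicate-oid", attr_names[0], oids[oid], fname))
            oids.setdefault(oid, fname)
            for n in attr_names:
                names.setdefault(n.lower(), fname)
        for line in lines:
            m = OC.match(line)
            if not m:
                continue
            bare = re.sub(r"'[^']*'", "", line)  # drop quoted NAME/DESC text
            for group in REQ.findall(bare):
                for attr in re.findall(r"[\w;-]+", group):
                    if attr.lower() not in names:  # not defined by this or an earlier file
                        findings.append(("undefined-attr", m.group(1), attr, fname))
    return findings

# Constructed sample files, reduced to the definitions that matter here.
GECOS = ("dn: cn=schema\n"
         "attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n")
CORE = ("dn: cn=schema\n"
        "attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) )\n"
        "attributeTypes: ( 2.5.4.13 NAME 'description' )\n")
POSIX = ("objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY\n"
         "  MUST ( uid ) MAY ( gecos $ description ) )\n")
SPLIT = {"00-core.ldif": CORE, "04-rfc2307bis.ldif": "dn: cn=schema\n" + POSIX, "99-user.ldif": GECOS}
SAME = {"00-core.ldif": CORE, "04-rfc2307bis.ldif": GECOS + POSIX}

if __name__ == "__main__":
    print(check_load_order(SPLIT))  # gecos lives in 99-user.ldif, loaded after posixAccount
    print(check_load_order(SAME))   # gecos lives next to posixAccount
```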