David Timber wrote:
> I had to write my own schema for my application and I was struggling to
> figure out how to import the schema I wrote to cn=config. I had thought I was
> missing something until I found this.
>
> https://gist.github.com/jaseg/8577024
>
> Notice the name of the script. Someone had to write this because there's no
> tool that you can use to import schemas when the slapd is configured with
> cn=config.
> You can get away with it by using include directive with slapd.conf. I know
> there's a way to do it with slaptest, but that method is just unacceptable.
> So, how I understood is, either you have to use slaptest to rebuild the
> entirety of the schema in ldif format, or you have to handcraft the schema
> in ldif by figuring out which {} index to start with. This is all backwards.
No. cn=config autogenerates these {} indices. This has been documented since
2007.
https://openldap.org/doc/admin24/slapdconf2.html
"Some of the entries listed above have a numeric index "{X}" in their names.
While most configuration settings have an inherent ordering dependency (i.e.,
one setting must take effect before a subsequent one may be set), LDAP
databases are inherently unordered. The numeric index is used to enforce a
consistent ordering in the configuration database, so that all ordering
dependencies are preserved. In most cases the index does not have to be
provided; it will be automatically generated based on the order in which
entries are created."
> slapadd and slapmodify are just cranky tools you can only use in specific
> cases (e.g.: restoring from mdb_copy backup data). In most cases, using those
> tools to manipulate cn=config is near impossible.
Using slapadd to add a single schema LDIF is trivial. So is using ldapadd.
cn=config is just an LDAP database, you use standard LDAP operations on it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
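
An added example, not part of the original thread and not code from the gist or the OpenLDAP project: a small converter that turns slapd.conf-style schema text into a single cn=config entry with no {X} index anywhere, leaving the numbering to the server as the reply describes. The schema name, the ex* identifiers and the 1.3.6.1.4.1.99999 OID arc are constructed placeholders.

```python
import base64
import re

# slapd.conf schema keyword -> cn=config attribute
KEYWORDS = {
    "objectidentifier": "olcObjectIdentifier",
    "attributetype": "olcAttributeTypes",
    "objectclass": "olcObjectClasses",
}
SAMPLE = """\
# constructed sample schema; 1.3.6.1.4.1.99999 is a placeholder OID arc
objectidentifier exRoot 1.3.6.1.4.1.99999
attributetype ( exRoot:1.1 NAME 'exBadgeId'
    DESC 'badge number'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( exRoot:2.1 NAME 'exBadgeHolder'
    SUP top AUXILIARY MAY exBadgeId )
"""

def ldif_line(attr, value):
    """Emit one LDIF attribute line, base64-encoding values that are not LDIF-safe."""
    safe = value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def schema_to_ldif(name, schema_text):
    """Convert schema text to one cn=config entry; no {X} index is written."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", name):
        raise ValueError("schema name must be a plain identifier")
    directives = []
    for raw in schema_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and directives:
            directives[-1] += " " + raw.strip()  # continuation line
        else:
            directives.append(raw.strip())
    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig", f"cn: {name}"]
    for d in directives:
        parts = d.split(None, 1)
        attr = KEYWORDS.get(parts[0].lower()) if len(parts) == 2 else None
        if attr is None:
            raise ValueError(f"unsupported directive: {parts[0]}")
        out.append(ldif_line(attr, " ".join(parts[1].split())))  # collapse whitespace
    return "\n".join(out) + "\n"
```

Written to a file, the output can be loaded with ldapadd, for example `ldapadd -Y EXTERNAL -H ldapi:/// -f example.ldif`, assuming the server grants that local identity write access to cn=config.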