1.4. Modifying the slapd Configuration Database
The slapd-config DIT can also be queried and modified. Here are a few examples.
• Use ldapmodify to add an "Index" (DbIndex attribute) to your {1}mdb,cn=config database (dc=example,dc=com). Create a file, call it uid_index.ldif, with the following contents:
dn: olcDatabase={1}mdb,cn=config
add: olcDbIndex
olcDbIndex: mail eq,sub
Then issue the command:
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
You can confirm the change in this way:
sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcDatabase={1}mdb)' olcDbIndex
dn: olcDatabase={1}mdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbIndex: mail eq,sub
• Let's add a schema. It will first need to be converted to LDIF format. You can find unconverted schemas in addition to converted ones in the /etc/ldap/schema directory.
• It is not trivial to remove a schema from the slapd-config database. Practice adding schemas on a test system.
• Before adding any schema, you should check which schemas are already installed (shown is a default, out-of-the-box output):
sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
In the following example we'll add the CORBA schema.
1. Create the conversion configuration file schema_convert.conf containing the following lines:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/ldapns.schema
include /etc/ldap/schema/pmi.schema
2. Create the output directory ldif_output.
3. Determine the index of the schema:
slapcat -f schema_convert.conf -F ldif_output -n 0 | grep corba,cn=schema
cn={2}corba,cn=schema,cn=config
When slapd ingests objects with the same parent DN it will create an index for that object. An index is contained within braces: {X}.
4. Use slapcat to perform the conversion:
slapcat -f schema_convert.conf -F ldif_output -n0 -H \
ldap:///cn={2}corba,cn=schema,cn=config -l cn=corba.ldif
The converted schema is now in cn=corba.ldif
5. Edit cn=corba.ldif to arrive at the following attributes:
dn: cn=corba,cn=schema,cn=config
...
cn: corba
Also remove the following lines from the bottom:
structuralObjectClass: olcSchemaConfig
entryUUID: 52109a02-66ab-1030-8be2-bbf166230478
creatorsName: cn=config
createTimestamp: 20110829165435Z
entryCSN: 20110829165435.935248Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110829165435Z
Your attribute values will vary.
6. Finally, use ldapadd to add the new schema to the slapd-config DIT:
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\=corba.ldif
adding new entry "cn=corba,cn=schema,cn=config"
7. Confirm currently loaded schemas:
sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}corba,cn=schema,cn=config
For external applications and clients to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the appropriate client-side documentation for details.
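The hand edit in step 5 can be scripted and checked before ldapadd runs, which matters because a schema is not trivial to remove once loaded. The following is an added example, not part of the original guide: the function names are hypothetical, and the sample input is constructed (it reuses the operational attribute values shown above and folds one line on purpose).

```shell
#!/bin/sh
# Added example (not from the original guide): automate step 5 and verify
# the file before ldapadd. Function names are hypothetical.
OPS='structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp'

# clean_schema_ldif FILE: print FILE without the {N} index on dn/cn and
# without the operational attributes that slapcat appends.
clean_schema_ldif() {
    awk -v ops="^($OPS):" '
        # A leading space marks an LDIF continuation line: keep or drop it
        # together with the attribute it belongs to.
        /^ /      { if (!drop) print; next }
        $0 ~ ops  { drop = 1; next }
                  { drop = 0 }
        /^dn: cn=[{][0-9]+[}]/ { sub(/cn=[{][0-9]+[}]/, "cn=") }
        /^cn: [{][0-9]+[}]/    { sub(/[{][0-9]+[}]/, "") }
                  { print }
    ' "$1"
}

# check_schema_ldif FILE: succeed only if no index or operational attribute
# is left, i.e. the file is ready for ldapadd.
check_schema_ldif() {
    ! grep -Eq "^(dn: cn=|cn: )[{][0-9]+[}]|^($OPS):" "$1"
}

# write_sample FILE: constructed slapcat-style output for the demo; the last
# attribute is folded on purpose to exercise continuation handling.
write_sample() {
    cat > "$1" <<'EOF'
dn: cn={2}corba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}corba
olcAttributeTypes: {0}( 1.1.2.1.1 NAME 'exampleAttr' DESC 'constructed sam
 ple attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
structuralObjectClass: olcSchemaConfig
entryUUID: 52109a02-66ab-1030-8be2-bbf166230478
creatorsName: cn=config
entryCSN: 20110829165435.935248Z#000000#000
 #000000
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/raw.ldif"
clean_schema_ldif "$tmp/raw.ldif" > "$tmp/cn=corba.ldif"
if check_schema_ldif "$tmp/cn=corba.ldif"; then echo "ready for ldapadd"; fi
rm -rf "$tmp"
```

The `{0}` prefixes on olcAttributeTypes values are left untouched; only the index on the entry's own dn and cn is stripped, matching step 5.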