There are times when you need to add or modify the schema of a DIT. Although this was done in regards to eDirectory (8.8.2) it is intended to be generic and should apply to other LDAP vendor's servers.

The Auxiliary ObjectClasses#

We often are in organizations where they (or we) have implemented the use of Auxiliary ObjectClasses that are specific to the organization or even specific to a application. Usually there is a lot of rigorous debate and effort when creating of these Auxiliary ObjectClasses in the vane belief that it will be just right and never need to be changed. Yea Right! Never going to happen in today's dynamic organization.

Some of this effort is expended as a lot of people do no know that the schema is flexible and can be modified with little effort. We have seen some people who go to great lengths unnecessary in an exercise like:

  • exported all the values to LDIF files
  • remove the Auxiliary ObjectClasses
  • add the new (or delete and then add a changed) attribute
  • add the Auxiliary ObjectClass back to the schema
  • import the LDIF files back in.

Here is an example as to how to make those changes less painful.

The ibsOBIApp Auxiliary ObjectClass#

Your organization creates a new Auxiliary ObjectClass similar to the one below:


dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes:	( ibsobiloglevel-oid NAME 'ibsOBILogLevel' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_NOT_SCHED_SYNC_IMMEDIATE ' 1' )

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes:	( ibsobirolemember-oid NAME 'ibsOBIRoleMember' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses:	( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )

You implement the Auxiliary ObjectClass in test, UAT and then after everyone signs off, into production.

A month later, the OBI application people call and want another attribute (ibsOBIWebRole) added to the Auxiliary ObjectClass. You could simple modify the schema with an LDIF similar to:


dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes:	( ibsOBIWebRole-oid NAME 'ibsOBIWebRole' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )

# WARNING do a delete and add in the same operation to preserve values 
dn: cn=schema
changetype: modify
delete: objectclasses
objectClasses:	( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )
-
add: objectclasses
objectClasses:	( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember $ ibsOBIWebRole ) X-NDS_NOT_CONTAINER '1' )

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-5) was last changed on 16-Aug-2008 10:54 by jim