There are times when you need to add or modify the schema of a DIT. Although this was done in regards to eDirectory (8.8.2) it is intended to be generic and should apply to other LDAP vendor's servers.
Some of this effort is expended as a lot of people do no know that the schema is flexible and can be modified with little effort. We have seen some people who go to great lengths unnecessary in an exercise like:
Here is an example as to how to make those changes less painful.
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( ibsobiloglevel-oid NAME 'ibsOBILogLevel' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_NOT_SCHED_SYNC_IMMEDIATE ' 1' )
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( ibsobirolemember-oid NAME 'ibsOBIRoleMember' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )
You implement the Auxiliary ObjectClass in test, UAT and then after everyone signs off, into production.
A month later, the OBI application people call and want another attribute (ibsOBIWebRole) added to the Auxiliary ObjectClass. You could simple modify the schema with an LDIF similar to:
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( ibsOBIWebRole-oid NAME 'ibsOBIWebRole' DESC 'For OBI Application' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )
# WARNING do a delete and add in the same operation to preserve values
dn: cn=schema
changetype: modify
delete: objectclasses
objectClasses: ( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )
-
add: objectclasses
objectClasses: ( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember $ ibsOBIWebRole ) X-NDS_NOT_CONTAINER '1' )