
This topic has 3 replies, 2 voices, and was last updated 5 years, 5 months ago by Bill Nelson.

  • #11398
     avinashch
    Participant

    LDIF file
    —————————————-
    dn: cn=schema
    changetype: modify
    delete: objectClasses
    objectClasses: ( callidusperson-oid NAME 'callidusperson' SUP top AUXILIARY MAY ( twoFAEnabled $ twoFAEnabled2 $ attribute3 $ attribute4 ) )

    1. Is there a way I can just mention ‘*’ in place of mentioning all the user-defined attributes in the class? If I miss any of the attributes, the modify/delete operation fails.

    2. If I have to add more attributes to the existing custom class, instead of deleting the schema and adding, do we have anything like appending?
    If delete and add is the only way, what happens to the existing LDAP user data which is using this class?

    • This topic was modified 5 years, 5 months ago by avinashch.
    #11401
     Bill Nelson
    Participant

    1. You both need to specify and want to specify them all. This is necessary to make 100% sure you are deleting the right one. I typically do a search operation to obtain the “exact” set before performing the delete operation.

    2. When modifying the schema, I have always taken the delete/add approach and, as I said in #1, you can script this. For any non-schema objects, it is easier to do a changetype: modify and use the replace operation.

    dn: uid=bnelson,ou=people,dc=identityfusion,dc=com
    changetype: modify
    replace: favoriteDrink
    favoriteDrink: wine

    #11404
     avinashch
    Participant

    Hi Bill,

    Thanks for the information.

    Can you please provide the sample script or ldapsearch query you are using to retrieve all the attributes in a custom object class?

    #11412
     Bill Nelson
    Participant

    Hi @avinashch, here is an ldapsearch/grep command sequence that you can use to retrieve a specific object class or attribute from the schema. The trick here is to use the objectclass=ldapsubentry filter.

    ./ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w cangetin -T -b cn=schema -s base "objectclass=ldapsubentry" + | grep -i "NAME 'inetOrgPerson'"

    This will return something like this:

    objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) X-ORIGIN 'RFC 2798' )

    Once you have this knowledge you can then use it to do all sorts of wonderful things in changing the schema. I don’t have a specific example for schema changes, but here is one for using this process for modifying a particular person object class. You can use the same process for the schema, however.

    /opt/forgerock/opendj/bin/ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password -f ./customAttribute.ldif

    where customAttribute.ldif contains the following:

    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( exampleCustomAttribute NAME 'exampleCustomAttribute' DESC 'A really cool custom attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    -
    delete: objectClasses
    objectClasses: ( examplePerson NAME 'examplePerson' DESC 'examplePerson' SUP top AUXILIARY MAY ( middlename $ customid $ companyid $ personid $ emplid $ networkid $ emailwork $ emailhome $ emailemergency $ emailother $ exampleRole ) )
    -
    add: objectClasses
    objectClasses: ( examplePerson NAME 'examplePerson' DESC 'examplePerson' SUP top AUXILIARY MAY ( middlename $ customid $ companyid $ personid $ emplid $ networkid $ emailwork $ emailhome $ emailemergency $ emailother $ exampleCustomAttribute ) )

    • This reply was modified 5 years, 5 months ago by Bill Nelson.
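
The search-then-delete/add approach described in this thread can be scripted. The following is an added example, not code from the posts or from ForgeRock: it takes saved schema search output, pulls out the exact existing objectClasses value, and writes the delete/add LDIF with one more MAY attribute. The function names and the sample schema text are constructed for illustration.

```python
import re

# Constructed sample of schema search output; the first definition is folded
# (an LDIF continuation line starts with a single space).
SAMPLE_SCHEMA = (
    "dn: cn=schema\n"
    "objectClasses: ( examplePerson NAME 'examplePerson' DESC 'examplePerson' SU\n"
    " P top AUXILIARY MAY ( middlename $ customid $ exampleRole ) )\n"
    "objectClasses: ( otherClass NAME 'otherClass' SUP top AUXILIARY MAY ( cn ) )\n"
)

def find_objectclass(ldif_text, name):
    """Return the exact objectClasses value whose NAME matches (case-insensitive)."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # RFC 2849 line unfolding
    needle = "name '%s'" % name.lower()
    hits = [l.split(": ", 1)[1] for l in unfolded.splitlines()
            if l.lower().startswith("objectclasses: ") and needle in l.lower()]
    if len(hits) != 1:  # refuse to guess which definition to delete
        raise LookupError("expected one definition of %s, found %d" % (name, len(hits)))
    return hits[0]

def append_may_attribute(definition, attr):
    """Return the definition with attr appended to its MAY ( ... ) list."""
    m = re.search(r"\bMAY \(([^)]*)\)", definition)
    if not m:
        raise ValueError("definition has no parenthesised MAY ( ... ) list")
    current = [a.strip() for a in m.group(1).split("$")]
    if attr.lower() in (a.lower() for a in current):
        raise ValueError("%s is already in the MAY list" % attr)
    new_list = " $ ".join(current + [attr])
    return definition[:m.start(1)] + " " + new_list + " " + definition[m.end(1):]

def build_modify_ldif(ldif_text, class_name, attr):
    """Delete the exact existing definition, then add the extended one."""
    old = find_objectclass(ldif_text, class_name)
    new = append_may_attribute(old, attr)
    return "\n".join([
        "dn: cn=schema", "changetype: modify",
        "delete: objectClasses", "objectClasses: " + old, "-",
        "add: objectClasses", "objectClasses: " + new, ""])

if __name__ == "__main__":
    print(build_modify_ldif(SAMPLE_SCHEMA, "examplePerson", "exampleCustomAttribute"))
```

The new attribute type must already exist in the schema (or be added in the same LDIF, as in the post above) before the extended object class is added.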