Removing objectClasses and attributeTypes from LDAP using ObjectID only

This topic has 5 replies, 3 voices, and was last updated 7 years, 3 months ago by Gregory Wright.

  • #4025
     seth.zurborg
    Participant

    I have been trying to remove objectClasses and attributeTypes from a local OpenDJ instance via a script. The goal is to create a set of scripts to destroy and then recreate the server, so that when changes occur each developer/instance can simply have the scripts run and be ready to go. I have been successful at removing objects and attributes using the full definition, but when I try to use the ObjectID it is unable to find the objects/attributes. “Entry cn=schema cannot be modified because the attempt to update objectClasses would have removed one or more values from the attribute that were not present: (1.1.2.2.2) ”

    Working ldif:

    dn: cn=schema
    changetype: modify
    delete: objectClasses
    objectclasses: ( 1.1.2.2.2 NAME 'tstPerson'
      DESC 'Person object'
      SUP inetOrgPerson
      STRUCTURAL
      MUST ( name )
      MAY ( unit )
      )

    dn: cn=schema
    changetype:modify
    delete:attributeTypes
    attributeTypes: (2.16.3.1.1
      NAME 'unit'
      DESC 'identifies the unit or units a person has been assigned'
      EQUALITY caseIgnoreMatch
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

    Shortened Non working:

    dn: cn=schema
    changetype: modify
    delete: objectClasses
    objectclasses: ( 1.1.2.2.2 )

    dn: cn=schema
    changetype:modify
    delete:attributeTypes
    attributeTypes: ( 2.16.3.1.1 )

    The question is, in order to delete an objectClass or attribute, does the full definition of the objectClass or attribute need to be provided, or is there a way to specifically identify the objectClass or attribute with a name or OID?

    ~edit: spacing

    • This topic was modified 7 years, 3 months ago by seth.zurborg. Reason: spacing
    #4033
     Ludo
    Moderator

    Just checked and it works with just the OID and the name.

    $ ldapmodify -D cn=directory\ manager -w secret12 -p 1389
    dn: cn=schema
    changetype: modify
    delete: attributeTypes
    attributeTypes: (2.16.3.1.1 NAME 'unit')
    
    Processing MODIFY request for cn=schema
    MODIFY operation successful for DN cn=schema
    

    I need to verify why just the OID is not sufficient, but this should help you moving forward.

    #4034
     seth.zurborg
    Participant

    I have tried to do the above, thinking maybe it would be different on the command line.
    Failed Delete

    #4035
     Gregory Wright
    Participant

    Using the following LDIF:

    
    dn: cn=schema
    changetype: modify
    delete: objectClasses
    objectClasses: ( 1.1.2.2.2 NAME 'myObjectClass' )
    

    And the following command:

    
    ldapmodify -p 389 -D "CN=Directory Manager" -f ./remove-object-class.ldif -w mypassword
    

    Gets the following result:

    
    Processing MODIFY request for cn=schema
    MODIFY operation failed
    Result Code:  16 (No Such Attribute)
    Additional Information:  Entry cn=schema cannot be modified because the attempt to update attribute objectClasses would have removed one or more values from the attribute that were not present:  ( 1.1.2.2.2 NAME 'myObjectClass' )
    

    Is it possible that object classes behave differently?

    • This reply was modified 7 years, 3 months ago by Gregory Wright. Reason: Corrected markup
    #4037
     Ludo
    Moderator

    Hi Greg and Seth,

    My coworker Chris made me realise that I’ve run tests with the trunk and a development build of OpenDJ 3.0.
    We have made some changes in the server to support the objectIdentifierFirstComponentMatch MR for schema elements.
    With OpenDJ 2.6, the entire attribute or objectclass definition must be passed to be removed.
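
For a server that needs the entire definition, as the reply above says of OpenDJ 2.6, a teardown script can look the stored definition up by its OID and build the delete record from it. The following is an added example, not code from the thread or from OpenDJ: the function names and the sample schema text (including `tstOther`) are assumptions, and the input is the LDIF text of a read of `cn=schema`.

```python
import base64
import re

# Constructed sample: LDIF of a cn=schema read holding the thread's two
# definitions plus a neighbouring OID to show that the OID match is exact.
SAMPLE_SCHEMA_LDIF = """\
dn: cn=schema
objectClasses: ( 1.1.2.2.2 NAME 'tstPerson' DESC 'Person object' SUP inetOrgPer
 son STRUCTURAL MUST ( name ) MAY ( unit ) )
objectClasses: ( 1.1.2.2.20 NAME 'tstOther' SUP top AUXILIARY )
attributeTypes: ( 2.16.3.1.1 NAME 'unit' DESC 'identifies the unit or units a pers
 on has been assigned' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

def unfold(ldif_text):
    """Join LDIF continuation lines (a newline followed by one space, RFC 2849)."""
    return re.sub(r"\r?\n ", "", ldif_text)

def schema_values(ldif_text, attr):
    """Yield each value of `attr` (name compared case-insensitively)."""
    for line in unfold(ldif_text).splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if rest.startswith(":"):  # "attr:: <base64>"
            yield base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            yield rest.strip()

def first_component(definition):
    """Return the numeric OID that opens a definition such as '( 1.2.3 NAME ...'."""
    m = re.match(r"\(\s*([0-9]+(?:\.[0-9]+)*)", definition)
    return m.group(1) if m else None

def delete_ldif(ldif_text, attr, oid):
    """Build the modify/delete record with the full stored definition of `oid`."""
    hits = [v for v in schema_values(ldif_text, attr) if first_component(v) == oid]
    if len(hits) != 1:
        raise LookupError(f"expected 1 {attr} value for OID {oid}, found {len(hits)}")
    value = hits[0]
    if value.isascii():
        line = f"{attr}: {value}"
    else:  # non-ASCII text must be base64-encoded in LDIF
        line = f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"dn: cn=schema\nchangetype: modify\ndelete: {attr}\n{line}\n"
```

The returned text can be written to a file and passed to `ldapmodify -f`, as in the commands shown in the thread.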

    #4039
     Gregory Wright
    Participant

    Thank you Ludo – at least we have a definitive answer.


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
