February 4, 2020 at 11:57 pm #27542user1234Participant
Hello partners. I am adding attributes to the OpenDJ and I would like to know what is the recommended way to do it:
1) Through the control panel.
2) Through an ldif file and importing it into the schema with the ldapmodify command (as explained in this point: https://backstage.forgerock.com/docs/opendj/3/admin-guide/#update-schema)
3) Copying the .ldif file to the opendj path in the config/schema folder and restarting the OpenDJ
I understand that according to the documentation it must be done in one of the first two ways, can you confirm it?
Thank you very much for your help.February 5, 2020 at 8:52 am #27544LudoModerator
If you have a few schema updates, using the control panel may by the easiest, but it’s difficult to automate and repeat. Also, the control panel was removed in the most recent versions of ForgeRock Directory Services.
So, creating a file that contains the schema is a good option.
Once you have the file, updating the server over LDAP (using ldapmodify for example) allows to do the change without stopping the service, and the update is replicated to all servers.
If you copy the file to the config/schema folder and restart the server, it will work, and the changes should be detected and replicated to all other servers, but you’ve stopped the server while you didn’t need to.
Bottom line, the 3 ways to do are working, but 2 is the preferred way for automation, repeatability and availability of the service.February 5, 2020 at 9:11 am #27545user1234Participant
But he has seen in the documentation and other forum entries, that it is not advisable to edit or create files directly in the schema directory in productive environments or in cases other than for testing. So, more recommended would be the use of the ldapmodify command, right?
Thank you very much for your time.February 5, 2020 at 11:32 am #27546Chris RiddParticipant
At some point, the control panel became unable to correctly update schema – see OPENDJ-3410.
I would also strongly suggest using ldapmodify.February 5, 2020 at 3:36 pm #27548Andy CoryParticipant
If these updates are against an active environment, then ldapmodify is definitely the way to go. If building a new environment, adding a suitable LDIF file to the schema directory at build time is the way I would choose, then the schema is part of your build. ForgeRock have ‘called time’ on the Control Panel, I wouldn’t recommend using it now for that reason.
You must be logged in to reply to this topic.