This topic has 4 replies, 4 voices, and was last updated 2 years, 6 months ago by Andy Cory.


    Hello partners. I am adding attributes to the OpenDJ and I would like to know what is the recommended way to do it:
    1) Through the control panel.
    2) Through an ldif file and importing it into the schema with the ldapmodify command (as explained in this point:
    3) Copying the .ldif file to the opendj path in the config/schema folder and restarting the OpenDJ

    I understand that according to the documentation it must be done in one of the first two ways, can you confirm it?
    Thank you very much for your help.


    If you have a few schema updates, using the control panel may be the easiest, but it’s difficult to automate and repeat. Also, the control panel was removed in the most recent versions of ForgeRock Directory Services.

    So, creating a file that contains the schema is a good option.
    Once you have the file, updating the server over LDAP (using ldapmodify for example) allows you to make the change without stopping the service, and the update is replicated to all servers.
    If you copy the file to the config/schema folder and restart the server, it will work, and the changes should be detected and replicated to all other servers, but you’ve stopped the server while you didn’t need to.
    Bottom line, all 3 ways work, but 2 is the preferred way for automation, repeatability and availability of the service.


    But he has seen in the documentation and other forum entries, that it is not advisable to edit or create files directly in the schema directory in productive environments or in cases other than for testing. So, more recommended would be the use of the ldapmodify command, right?

    Thank you very much for your time.

     Chris Ridd

    At some point, the control panel became unable to correctly update schema – see OPENDJ-3410.

    I would also strongly suggest using ldapmodify.

     Andy Cory

    If these updates are against an active environment, then ldapmodify is definitely the way to go. If building a new environment, adding a suitable LDIF file to the schema directory at build time is the way I would choose, then the schema is part of your build. ForgeRock have ‘called time’ on the Control Panel, I wouldn’t recommend using it now for that reason.
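
Option 2 from the thread (schema LDIF applied over LDAP with ldapmodify), as an added example that is not part of any post above and is not ForgeRock's own code. The attribute and class names, the OID arc (32473 is the enterprise number reserved for documentation by RFC 5612), the `LDAP_*` variables and the numeric-OID policy check are assumptions; the ldapmodify long options follow OpenDJ 3.x-style tools and may differ in other versions.

```shell
#!/bin/sh
# Added example: all names and OIDs below are constructed placeholders.

# Emit an LDIF change adding one attribute type and one auxiliary object
# class to cn=schema. $1 = base OID arc, $2 = attribute name, $3 = class name.
make_schema_ldif() {
    cat <<EOF
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( $1.1.1 NAME '$2' DESC 'Constructed example attribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'example-schema' )
-
add: objectClasses
objectClasses: ( $1.2.1 NAME '$3' SUP top AUXILIARY MAY $2 X-ORIGIN 'example-schema' )
EOF
}

# Pre-flight check before touching a live, replicated server: the file must
# contain exactly one entry, it must be a modify of cn=schema, and every
# definition must carry a dotted-decimal OID (a local policy assumption).
check_schema_ldif() {
    [ "$(grep -c '^dn:' "$1")" -eq 1 ] || return 1
    grep -qx 'dn: cn=schema' "$1" || return 1
    grep -qx 'changetype: modify' "$1" || return 1
    grep -qE '^(attributeTypes|objectClasses): ' "$1" || return 1
    if grep -E '^(attributeTypes|objectClasses): ' "$1" |
        grep -qvE '^[A-Za-z]+: \( [0-9]+(\.[0-9]+)+ NAME '; then
        return 1
    fi
    return 0
}

# Apply the change online; the bind password is read from a file so it does
# not appear in the process list or shell history.
apply_schema() {
    check_schema_ldif "$1" || { echo "refusing to apply $1" >&2; return 1; }
    ldapmodify --hostname "$LDAP_HOST" --port "$LDAP_PORT" \
        --bindDN "cn=Directory Manager" --bindPasswordFile "$LDAP_PW_FILE" \
        --filename "$1"
}

# Usage: make_schema_ldif 1.3.6.1.4.1.32473 exampleBadgeId exampleBadgePerson > 99-example.ldif
#        apply_schema 99-example.ldif
```

Keeping the generated LDIF in version control gives the same "schema is part of your build" property for new environments while still allowing online updates to running ones.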
