[KLUG Members] Pesky LDAP
Adam Williams
members@kalamazoolinux.org
10 Sep 2002 07:19:00 -0400
>OK I got the system to accept the dn but it kicked out due to the
>absence of a definition for an attribute. This clued me in on the fact
>that the schema needs quite a bit of extending. I found the following
>site which talks about how to go about doing this:
>http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-GILSchemaExtension.html
Schema extending should always be a last resort as you limit your
interoperability with various clients and the outside world.
>Problem is that it recommends making the following changes to the
>following files:
>>Edit file: /etc/openldap/schema/cosine.schema Change the lines:
>> Change: NAME ( 'mobile' 'mobileTelephoneNumber' )
>> to: NAME ( 'mobile' 'mobileTelephoneNumber' 'cellPhone' )
>> Also change: NAME ( 'pager' 'pagerTelephoneNumber' )
>> to: NAME ( 'pager' 'pagerTelephoneNumber' 'pagerPhone' )
>> Edit file: /etc/openldap/schema/core.schema Change the lines:
>> Change: attributetype ( 2.5.4.20 NAME 'telephoneNumber'
>> to: attributetype ( 2.5.4.20 NAME ( 'telephoneNumber'
>>'xmozillaanyphone' )
>Now what I've heard is that you should never edit the distributed
>schemas.
Correct.
>Rather you should create your own schema file and append it.
>Consequently, I made files with the appropriate changes and copied them
>to /etc/openldap/schema/. The original files were left at
>/usr/share/openldap/schema/. When I tried to include them in slapd.conf
>I got errors such that other dependent schemas could not find parent
>classes etc.
You must have left something out on accident. Which is pretty easy to
do.
>Now it seems to me that the simple addition of a name shouldn't affect
>other schemas in this manner.
No, it shouldn't.
>Since it does seem to however, can't I
>just specify an alias in local.schema and then include local.schema in
>slapd.conf? Can I get an example of how to do this?
It should be safe, if you're just adding an alias, to edit the distributed
files. Just keep a pristine copy somewhere.
However, the real solution is to fix the crud that is coming out of
Mozilla. Mozilla's export format is pseudo-LDIF, so as you massaged
the dn you may have to massage the attributes.
sed -e "s/xmozillaanyphone/telephoneNumber/g" -e "s/pagerPhone/pager/g" \
    -e "s/cellPhone/mobile/g" address.mozilla > address.ldif
should replace their attribute names with the legitimate ones.
And I'll bet a perl monk could whip up something even nicer.
I am surprised how wigged Mozilla's LDAP support seems to be, and I
thought Evolution's support was crummy. I guess programmers aren't
administrators, but we've seen evidence of that before.