[KLUG Members] Pesky LDAP

Adam Williams members@kalamazoolinux.org
10 Sep 2002 07:19:00 -0400

Previous message: [KLUG Members] Pesky LDAP
Next message: [KLUG Members] Pesky LDAP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>OK I got the system to except the dn but it kicked out due to the
>absence of a definition for an attribute.  This clued me in on the fact
>that the schema needs quite a bit of extending.  I found the following
>site which talks about how to go about doing this: 
>http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-GILSchemaExtension.html

Schema extending should always be a last resort as you limit your
interoperability with various clients and the outside world.

>Problem is that it reccomends makeing the following changes to the
>following files:
>>Edit file: /etc/openldap/schema/cosine.schema  Change the lines:
>>      Change: NAME ( 'mobile' 'mobileTelephoneNumber' )
>>          to: NAME ( 'mobile' 'mobileTelephoneNumber' 'cellPhone' )
>> Also change: NAME ( 'pager' 'pagerTelephoneNumber' )
>>          to: NAME ( 'pager' 'pagerTelephoneNumber' 'pagerPhone' )
>> Edit file: /etc/openldap/schema/core.schema Change the lines:
>>      Change: attributetype ( 2.5.4.20 NAME 'telephoneNumber'
>>          to: attributetype ( 2.5.4.20 NAME ( 'telephoneNumber' 
>>'xmozillaanyphone' )
>Now what I've heard is that you should never edit the distributed
>schemas. 

Correct.

>Rather you should create your own schema file and append it.
>Consequently, I made files with the appropriate changes and copied them 
>to /etc/openldap/schema/ The original files were left at 
>usr/share/openldap/schema/.  When I tried to include them in slapd.conf 
>I got errors such that other dependant schemas could not find parent 
>clases etc.

You must have left something out on accident.  Which is pretty easy to
do.

>Now it seems to me that the simple addition of a name shouldn't affect 
>other schemas in this manner.  

No, it shouldn't.

>Since it does seem to however, can't I 
>just specify an alias in local.schema and then include local.schema in 
>slapd.conf?  Can I get an example of how to do this?

It should be safe, if your just adding an alias, to edit the distributed
files.  Just keep a pristine copy somewhere.

However, the real solution is to fix the crud that is coming out of
Mozilla.  Mozilla's export format is psuedo-LDIF,  so as you massaged
the dn you may have to massage the attributes.

sed "s/xxmozillaanyphone/telephoneNumber/g" address.mozilla | sed
"s/pagerPhone/pager/g" | sed "s/cellPhone/mobile/g" > address.ldif

should replace there attribute names with the legitimate one.

And I'll bet a perl monk could whip up something even nicer.

I am surprised how whigged mozilla's LDAP support seems to be,  and I
though Evolutions support was crumby.  I guess programmers aren't
administrators,  but we've seen evidence of that before.

Previous message: [KLUG Members] Pesky LDAP
Next message: [KLUG Members] Pesky LDAP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]