How to add a schema file to OpenLDAP 2.4

The following are the steps I used to add samba.schema to an already running OpenLDAP 2.4 installation.

  1. Create a file called convert.conf that contains a list of the schema file(s) to be converted. To make things go smoother later on, include all the schema files already in your OpenLDAP installation. Make sure to list them in the same order they are listed in your existing setup. Add the schema file(s) to be added at the end.

For example:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema

In this example, core.schema through openldap.schema are already in the OpenLDAP server. samba.schema is the new schema we’re adding.

  2. Create a directory to hold the generated configuration.

mkdir /tmp/ldif_output

  3. Run the slapcat(1) command, passing it our convert.conf, to create the LDIF.

slapcat -f ./convert.conf -F /tmp/ldif_output -n0 -s 'cn={5}samba,cn=schema,cn=config' > samba.ldif

The number 5 in 'cn={5}samba,cn=schema,cn=config' is based on samba.schema being the 5th entry in convert.conf when you count the rows in the file starting at 0.

  4. Next, edit samba.ldif and remove the following lines from the end of the file.

structuralObjectClass: olcSchemaConfig
entryUUID: eba68f74-d586-1030-94a1-d3d0db45d1cb
creatorsName: cn=config
createTimestamp: 20120117184341Z
entryCSN: 20120117184341.297933Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120117184341Z

The field names in your file will match, but the values will be different.

You’ll note that we didn’t have to update the DN value in samba.ldif. This is because we put the schema files in the proper order in our convert.conf. If we didn’t, you would have to edit the value before proceeding to the next step.

  5. Now add the converted samba schema to your OpenLDAP server.

ldapadd -x -W -D 'cn=config' -f ./samba.ldif

If it worked you should receive the message:

adding new entry "cn={5}samba,cn=schema,cn=config"
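As an added example (not code from the original post), here is a small POSIX shell helper for steps 3 to 5: it works out the {N} index from the position of the schema in convert.conf, strips the operational attributes slapcat appends, and checks that the DN in the resulting LDIF carries the expected index. Function names and the temporary paths are my own choices.

```shell
#!/bin/sh
# Added example, not code from the original post. Helper functions for the
# procedure above: work out the {N} index of a schema from its position in
# convert.conf, strip the operational attributes slapcat appends, and check
# the DN of the result. Function names and file paths are my own choices.

# Print the 0-based position of the include line whose file name is $2
# in the convert.conf given as $1; that position is N in
# cn={N}<name>,cn=schema,cn=config. Exits 1 if the schema is not listed.
schema_index() {
  awk -v want="$2" '
    BEGIN { idx = 0; found = 0 }
    $1 == "include" {
      n = split($2, p, "/")
      if (p[n] == want) { print idx; found = 1; exit }
      idx++
    }
    END { if (!found) exit 1 }' "$1"
}

# Filter out the operational attributes slapcat writes at the end of the
# entry (step 4 of the post); everything else passes through unchanged.
strip_operational() {
  grep -Ev '^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):'
}

# Succeed only if the first line of the LDIF file $1 is a dn carrying
# the expected index $2, i.e. "dn: cn={N}...".
dn_matches() {
  head -n 1 "$1" | grep -q "^dn: cn={$2}"
}

# The whole conversion in one call: convert_schema convert.conf samba samba.ldif
# Needs slapcat on the machine, so it is the only function not exercised offline.
convert_schema() {
  n=$(schema_index "$1" "$2.schema") || return 1
  slapcat -f "$1" -F "$(mktemp -d)" -n0 -s "cn={$n}$2,cn=schema,cn=config" \
    | strip_operational > "$3"
  dn_matches "$3" "$n"
}
```

The ldapadd from step 5 is then run against the file written by convert_schema, exactly as in the post.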

2 thoughts on “How to add a schema file to OpenLDAP 2.4”

  1. Thank you for this very valuable info.

    However, on step 5, the command should be:

    ldapadd -x -W -D 'cn=admin,cn=config' -f ./samba.ldif

    Also note that it would be better on step 4 to delete “{5}” from lines 1 and 3 of the produced ldif file.
