The following notes may be useful when working with OpenLDAP they describe what you can and cannot do without ripping everything up and starting again.
You can do any of the following things using an operational directory and without junking it and starting again - it is not necessary to get this stuff right at the beginning:
You can add a new objectclasses of type STRUCTURAL to existing entries IF and ONLY IF it has a SUP (parent) which is already contained in the entry e.g. you can add inetorgperson to an existing entry with, say, person but you cannot add account in the same circumstances because it has a SUP of top and would create a second STRUCTURAL object class hierarchy in the entry - which is now strictly verboten.
You CANNOT do any of the following things using an operational directory. If you get any of this stuff wrong it will hurt - maybe badly, maybe not:
Darkness has descended on the world. You have a major structuring problem on your hands and you need to start again. First thing to do is panic! Then do some thinking.
Export the whole directory as a text LDIF file. Because LDIF files are pure text you can write some simple scripts to manipulate the entire directory.
Stop OpenLDAP (slapd). Go to the directory defined in your database of slapd.conf and delete everything in the directory.
Sart OpenLDAP (slapd). Use ldapadd to import your modified LDIF file back into the directory.
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
3 ldap objects
4 install ldap
7 replica & refer
10 ldap api
14 ldap tools
notes & info
rfc's & x.500
This work is licensed under a Creative Commons License.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox