@tecoholic
Last active September 22, 2016 17:33
Notes taken while converting the OpenDJ schema to an OpenLDAP schema

Schema LDIF

Change #1:

lastModifiedTime has been deprecated in favour of modifyTimestamp. This is noted in /etc/ldap/schema/cosine.schema.

Change #2:

Using the attributes modifyTimestamp and createTimestamp in user-defined object classes generates blocking errors:

root@ubuntu-1gb-nyc3-01:~# slapcat -f schema_convert.conf -F ldif_output -n 0
57e039e0 /root/gluu.schema: line 2620 objectclass: user-defined ObjectClass includes operational 
attributes: "( 1.3.6.1.4.1.12345.1.4.19 NAME 'oxAuthSessionId' SUP top STRUCTURAL MUST objectclass
MAY  ( modifyTimestamp $ oxAuthAuthenticationTime $ oxAuthPermissionGranted $ oxAuthPermissionGra
slapcat: bad configuration directory!
root@ubuntu-1gb-nyc3-01:~# vim gluu.schema 
root@ubuntu-1gb-nyc3-01:~# slapcat -f schema_convert.conf -F ldif_output -n 0
57e03a04 /root/gluu.schema: line 2658 objectclass: user-defined ObjectClass includes operational 
attributes: "( 1.3.6.1.4.1.12345.1.4.27 NAME 'oxAuthToken' SUP top STRUCTURAL MUST objectclass 
MAY ( createTimestamp $ oxAuthAuthenticationTime $ oxAuthAuthorizationCode $ oxAuthCreation $ oxAuthE
slapcat: bad configuration directory!

After these attributes were removed from the schema, the schema was processed.
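
A pre-flight check for the error above, as an added example (not part of the original notes): it scans an OpenLDAP .schema file for objectclass definitions whose MUST/MAY lists name operational attributes, so they can all be removed before running slapcat. The operational-attribute list is an illustrative assumption, the sample definitions are constructed and abridged from the error output above, and `exampleClean` with its OID is hypothetical.

```python
import re

# Common operational attributes (RFC 4512 / RFC 4530 plus OpenLDAP's entryCSN).
# Assumption: this list is illustrative, not exhaustive.
OPERATIONAL = {a.lower() for a in (
    "createTimestamp", "modifyTimestamp", "creatorsName", "modifiersName",
    "entryUUID", "entryCSN", "entryDN", "subschemaSubentry",
    "structuralObjectClass", "hasSubordinates")}

NAME = re.compile(r"NAME\s+\(?\s*'([^']+)'")
ATTR_LIST = re.compile(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w;-]+)", re.I)

def definitions(text):
    """Yield (first_line_no, joined_text) per objectclass directive; a directive
    continues on following lines that start with whitespace."""
    start, buf = 0, []
    for no, line in enumerate(text.splitlines() + [""], 1):
        if buf and line[:1] in (" ", "\t") and line.strip():
            buf.append(line.strip())
            continue
        if buf:  # any other line (blank, comment, new directive) ends it
            yield start, " ".join(buf)
            buf = []
        if re.match(r"objectclass\s", line, re.I):
            start, buf = no, [line.strip()]

def operational_refs(text):
    """Return [(line_no, class_name, [operational attrs named in MUST/MAY])]."""
    hits = []
    for no, defn in definitions(text):
        unquoted = re.sub(r"'[^']*'", "", defn)  # ignore NAME/DESC strings
        attrs = [a for lst in ATTR_LIST.findall(unquoted)
                 for a in re.split(r"[\s$()]+", lst) if a.lower() in OPERATIONAL]
        if attrs:
            name = NAME.search(defn)
            hits.append((no, name.group(1) if name else "?", attrs))
    return hits

# Constructed sample: MAY lists abridged to attributes visible in the error output.
SAMPLE = """\
objectclass ( 1.3.6.1.4.1.12345.1.4.19 NAME 'oxAuthSessionId' SUP top STRUCTURAL MUST objectclass
  MAY ( modifyTimestamp $ oxAuthAuthenticationTime $ oxAuthPermissionGranted ) )

objectclass ( 1.3.6.1.4.1.12345.1.4.27 NAME 'oxAuthToken' SUP top STRUCTURAL MUST objectclass
  MAY ( createTimestamp $ oxAuthAuthenticationTime $ oxAuthAuthorizationCode ) )

objectclass ( 1.1.2.2.1 NAME 'exampleClean' SUP top AUXILIARY MAY ( description ) )
"""

if __name__ == "__main__":
    for no, cls, attrs in operational_refs(SAMPLE):
        print(f"line {no}: {cls} lists operational attribute(s): {', '.join(attrs)}")
```

The reported line number is the first line of the definition in the scanned file, which may differ from the line slapcat prints for a multi-line definition.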

Indexing

  • There are only pres, approx, eq, sub and special (nosubtypes, nolang) indexes in OpenLDAP
  • For integers, "Use an eq index. This doubles as an ordering index for some non-string syntaxes, including integer, generalizedTime, and (I think) CSN." Refer to the mail thread.