Menu
▾
▴
[Fwd: [ldap] RE: dumping an extended schema]
|
From: Michael <mi...@st...> - 2000-07-04 10:37:22
|
Forwarded message about how to retrieve schema information from a LDAPv3 host... -------- Original Message -------- Subject: [ldap] RE: dumping an extended schema Date: Wed, 02 Feb 2000 09:05:11 -0800 From: "Kurt D. Zeilenga" <Ku...@Op...> To: Bob Ollila <ol...@te...> CC: LDAP mailing List <ld...@um...> References: <3.0...@in...> At 08:56 AM 2/2/00 -0500, Bob Ollila wrote: >Also, is the ldapsearch program portable to any LDAP implementation, or is it exclusively a Netscape program? There may be some slight differences, I give a basic example. You will likely have to augment it with additional arguments (such as authentication, select server, etc). I've used quotes to escape shell input, your shell may require different escaping. Fetch the subschema DN for 'cn=x,dc=example,dc=com': ldapsearch -b 'cn=x,dc=example,dc=com' -s 'base' \ '(objectclass=*)' subschemasubentry If subschema is available, it should return a DN. Let's say it returned 'cn=subschema,dc=example,dc=com', you could then: ldapsearch -b 'cn=subschema,dc=example,dc=com' -s 'base' \ '(objectclass=subschema)' attributeTypes to get a list of supported attributeTypes. You could also request objectclasses and schema items. A couple of notes: subschemasubentry is an LDAPv3 feature. The server may require you to do bind indicating version 3. In additional, the subschemasubentry may be under access restrictions. However, when using LDAPv3, you should be able to obtain the subschemasubentry and read the referenced subschema subentry for any entry you can modify. You can check for LDAPv3 support by issuing: ldapsearch -b '' -s 'base' \ '(objectclass=*)' supportedLDAPVersion (or by attempting an LDAPv3 bind). You should never assume an arbitrary DN, or the DN listed in the RootDSE's subschemasubentry actually apply to the DN which you are preparing to read or modify. You should always obtain subschema for an entry through that entry's subschema subentry. >And, does anyone know of any utilities which would take the slapd.user_at.conf and slapd.user_oc.conf files and create LDIF files? slapd combined with ldapsearch? Load the schema via configuration files and than dump in LDIF form using ldapsearch. >What I'm working towards here is a >program or script that will install my extended schema, hopefully in an LDAP implementation independent way. Servers are not required to support update of schema information via LDAP. Those that do should support RFC 2252 syntaxes for doing so. >This seems to me to be a common task, so there must be >utilities available. Vendors will hopefully converge on RFC 2252 syntaxes for representing schema information in configuration files.... However, I think such convergence will be slow. |
