Forwarded message about how to retrieve schema information from an
LDAPv3 host...
-------- Original Message --------
Subject: [ldap] RE: dumping an extended schema
Date: Wed, 02 Feb 2000 09:05:11 -0800
From: "Kurt D. Zeilenga" <Ku...@Op...>
To: Bob Ollila <ol...@te...>
CC: LDAP mailing List <ld...@um...>
References: <3.0...@in...>
At 08:56 AM 2/2/00 -0500, Bob Ollila wrote:
>Also, is the ldapsearch program portable to any LDAP implementation, or is it exclusively a Netscape program?

There may be some slight differences, I give a basic example. You
will likely have to augment it with additional arguments (such as
authentication, select server, etc). I've used quotes
to escape shell input, your shell may require different escaping.

Fetch the subschema DN for 'cn=x,dc=example,dc=com':

    ldapsearch -b 'cn=x,dc=example,dc=com' -s 'base' \
        '(objectclass=*)' subschemasubentry

If subschema is available, it should return a DN. Let's say
it returned 'cn=subschema,dc=example,dc=com', you could then:

    ldapsearch -b 'cn=subschema,dc=example,dc=com' -s 'base' \
        '(objectclass=subschema)' attributeTypes

to get a list of supported attributeTypes. You could also
request objectclasses and schema items.

A couple of notes: subschemasubentry is an LDAPv3 feature.
The server may require you to do a bind indicating version 3.
In addition, the subschemasubentry may be under access
restrictions. However, when using LDAPv3, you should be
able to obtain the subschemasubentry and read the referenced
subschema subentry for any entry you can modify.

You can check for LDAPv3 support by issuing:

    ldapsearch -b '' -s 'base' \
        '(objectclass=*)' supportedLDAPVersion

(or by attempting an LDAPv3 bind).

You should never assume an arbitrary DN, or the DN listed
in the RootDSE's subschemasubentry actually applies to the
DN which you are preparing to read or modify. You should
always obtain subschema for an entry through that entry's
subschema subentry.

>And, does anyone know of any utilities which would take the slapd.user_at.conf and slapd.user_oc.conf files and create LDIF files?

slapd combined with ldapsearch? Load the schema via configuration
files and then dump in LDIF form using ldapsearch.

>What I'm working towards here is a
>program or script that will install my extended schema, hopefully in an LDAP implementation independent way.

Servers are not required to support update of schema information
via LDAP. Those that do should support RFC 2252 syntaxes for
doing so.

>This seems to me to be a common task, so there must be
>utilities available.

Vendors will hopefully converge on RFC 2252 syntaxes for
representing schema information in configuration files....
However, I think such convergence will be slow.
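
The two-step lookup described in the message above (entry, then that entry's subschemasubentry, then attributeTypes), as an added shell example that is not part of the original e-mail. The function names and the LDAPSEARCH and LDAP_ARGS variables are assumptions, as is the availability of base64 -d for decoding base64-encoded LDIF values.

```shell
#!/bin/sh
# Added example, not from the original message. LDAPSEARCH and LDAP_ARGS are
# assumed names: point them at your client and its bind/server/version options.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}
LDAP_ARGS=${LDAP_ARGS:-}

# Print every value of attribute $1 found in the LDIF on stdin. Handles folded
# lines (continuation starts with one space), comments, attribute names in any
# case, and base64 values ("attr:: ..."), decoded with base64 -d (assumed).
ldif_values() {
    awk -v want="$1" '
        function flush(   i, val) {
            i = index(buf, ":")
            if (i > 0 && buf !~ /^#/ && tolower(substr(buf, 1, i - 1)) == tolower(want)) {
                val = substr(buf, i + 1)
                if (val ~ /^:/) { sub(/^: */, "", val); print "B", val }
                else            { sub(/^ */, "", val);  print "P", val }
            }
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation line
             { flush(); buf = $0 }
        END  { flush() }
    ' | while read -r kind val; do
        if [ "$kind" = B ]; then printf '%s' "$val" | base64 -d; echo
        else printf '%s\n' "$val"; fi
    done
}

# Step 1: ask the entry itself which subschema subentry governs it.
subschema_dn_for() {
    $LDAPSEARCH $LDAP_ARGS -b "$1" -s base '(objectclass=*)' subschemasubentry |
        ldif_values subschemasubentry | head -n 1
}

# Step 2: read attributeTypes from that subentry, never from a guessed DN.
attribute_types_for() {
    dn=$(subschema_dn_for "$1")
    if [ -z "$dn" ]; then
        echo "no subschemasubentry readable for $1" >&2
        return 1
    fi
    $LDAPSEARCH $LDAP_ARGS -b "$dn" -s base '(objectclass=subschema)' attributeTypes |
        ldif_values attributeTypes
}

if [ $# -gt 0 ]; then attribute_types_for "$1"; fi
```

An empty result from step 1 is treated as a failure rather than falling back to the RootDSE value, which matches the message's advice that an entry's schema must come from that entry's own subschema subentry.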