How do I install a new schema for OpenLDAP on Debian 5 with dynamic config=cn backend?
I'm answering my own question because I wanted to know how to solve the problem while using the new slapd.d/dynamic/cn=config backend and I didn't want to go back to the slapd.conf method. (Almost nobody is doing this, AFAICT.)
When I tried to add the new schema using `ldapadd`, I was always getting the following error:

```
ldapadd -H ldap://whatever.test.com -D "cn=admin,dc=whatever,dc=test,dc=com" -x -W -f mozillaabpersonalpha.ldif
ldap_add: Insufficient access (50)
```
So the BindDN I was using does not have those privileges. I would need to set up an ACL or to use the rootDN for that operation.
I don't know why, but when configuring the slapd Debian package, it allowed me to create an admin account for my own DIT, but it mentioned nothing about the rootDN. After some browsing, I found this blog that explains how to set the password of the rootDN while using the cn=config schema.
So, I edited the file `/etc/ldap/slapd.d/cn=config/olcDatabase\=\{0\}config.ldif` and added the following:

```
olcRootDN: cn=admin,cn=config
olcRootPW: mypassword
```
I had to restart slapd for the changes to take effect (it shouldn't be necessary, but ...). In order to test it, I ran the following command:

```
ldapwhoami -H ldap://whatever.test.com -D "cn=admin,cn=config" -x -w mypassword
```
And it worked! The next step was to load the mozillaAbPersonAlpha schema in LDIF format using `ldapadd`:

```
ldapadd -H ldap://whatever.test.com -D "cn=admin,cn=config" -x -w mypassword -f mozillaabpersonalpha.ldif
```
The response was successful:

```
adding new entry "cn=mozillaabpersonalpha,cn=schema,cn=config"
```
Finally, adding one user that depends on the mozillaAbPersonAlpha schema is now possible. For example, the file `newuser.ldif` has this:

```
dn: uid=somedude,cn=Whatever,dc=test,dc=com
sn: Some Dude
givenName: Dude
mail: [email protected]
mozillaCustom1: Engineering
l: Somewhere
objectClass: inetOrgPerson
objectClass: top
objectClass: person
objectClass: mozillaAbPersonAlpha
uid: somedude
cn: Some Dude
```
And adding it to the new directory (not using the rootDN account) works now:

```
ldapadd -H ldap://whatever.test.com -D "cn=admin,dc=whatever,dc=test,dc=com" -x -W -f usertest.ldif
Enter LDAP Password:
adding new entry "uid=somedude,cn=SomeGroup,cn=whatever,dc=test,dc=com"
```
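The answer above writes `olcRootPW: mypassword` in cleartext into the `olcDatabase={0}config` entry. OpenLDAP accepts a hashed value in that attribute (the same `{SSHA}` form that `slappasswd -h {SSHA} -s mypassword` prints), so the secret at rest is a salted hash rather than the password itself. The script below is an added example, not part of the original post or of OpenLDAP: it produces an OpenLDAP-compatible `{SSHA}` hash (base64 of SHA-1(password + salt) followed by the salt), verifies a password against such a hash, and emits the LDIF change record that sets `olcRootDN` and `olcRootPW` on the config database. The DN `cn=admin,cn=config` and the password `mypassword` are the values from the post; `rootdn.ldif` as a file name and the `ldapi:///` bind in the usage note are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Values taken from the post above (the config database entry and the rootDN it uses).
CONFIG_DB_DN = "olcDatabase={0}config,cn=config"
ROOT_DN = "cn=admin,cn=config"


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP-style {SSHA} hash: base64(SHA1(password + salt) + salt).

    This matches what `slappasswd -h {SSHA}` produces. A 4-byte random salt is
    generated when none is supplied; a fixed salt is only useful for tests.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value (e.g. an olcRootPW)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootdn_modify_ldif(root_dn: str, hashed_pw: str, db_dn: str = CONFIG_DB_DN) -> str:
    """Build an LDIF change record setting olcRootDN/olcRootPW on the config database.

    'replace' is valid whether or not the attributes already exist, so the same
    record works on a fresh install and when rotating the password later.
    """
    if not hashed_pw.startswith("{"):
        # A value without a {scheme} prefix would be stored and compared as cleartext.
        raise ValueError("refusing to write a cleartext olcRootPW; hash it first")
    return "\n".join([
        f"dn: {db_dn}",
        "changetype: modify",
        "replace: olcRootDN",
        f"olcRootDN: {root_dn}",
        "-",
        "replace: olcRootPW",
        f"olcRootPW: {hashed_pw}",
        "",
    ])


if __name__ == "__main__":
    # Constructed example: hash the password from the post and print the LDIF to apply.
    hashed = make_ssha("mypassword")
    print(rootdn_modify_ldif(ROOT_DN, hashed))
```

Save the printed record as `rootdn.ldif` and apply it with `ldapmodify -Y EXTERNAL -H ldapi:/// -f rootdn.ldif`, which binds as the local root user over the Unix socket; this assumes the config database's `olcAccess` grants that identity write access, which later Debian releases set up by default and which the Debian 5 install in the post may lack, in which case the same two attribute values can be written into the `olcDatabase={0}config.ldif` file with slapd stopped, exactly as the post does, only with the `{SSHA}` value in place of the cleartext one. The `ldapwhoami` check from the post still works unchanged, since slapd hashes the bind password and compares it against the stored value.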