How to add a new attribute to an existing LDAP objectclass?
Solution 1:
The short answer
Use ldapmodify exactly like you would on a regular LDAP entry with multi-valued attributes.
That's pretty much what I expected, but I wasn't 100% sure, due to the {N} indexing that you see when you run an LDAP search for the schema.
The long answer
First, find your schema's DN. Something like cn={4}test,cn=schema,cn=config. Then write an ldif file and apply it to your directory. On Ubuntu 12.04 I applied it as root with:
ldapmodify -Q -Y EXTERNAL -H ldapi:// -f test.ldif
The part I had issues with was the ldif modify syntax, and what to do with the {N} indexes.
So, the start of your ldif file should be something like:
version: 1
dn: cn={N}test,cn=schema,cn=config
changetype: modify
To modify an objectClass:
delete: olcObjectClasses
olcObjectClasses: <old value>
-
add: olcObjectClasses
olcObjectClasses: <new value>
To modify an attribute:
delete: olcAttributeTypes
olcAttributeTypes: <old value>
-
add: olcAttributeTypes
olcAttributeTypes: <new value>
Some tips I figured out about syntax:
- Ignore the {N} indexes in your ldif file. They get fixed automatically.
- You do need the {N} in your schema's DN.
- Remember the '-' between statements.
- Don't put a new line after the '-'. ldapmodify stops at that new line, so anything after it will not be executed.
- Add new attributes before you modify the objectClass to include them.
- Eliminate all tab characters. They cause the system to produce gibberish.
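The tips in the answer above can be checked mechanically before running ldapmodify against cn=config. The following is an added example, not part of the original answer: the function name `lint_schema_ldif` and the sample file are assumptions, the sample LDIF is constructed from the answer's own placeholders, and the ordering check is a per-record heuristic.

```shell
#!/bin/sh
# Added example, not from the original answer: lint a cn=config schema LDIF.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
lint_schema_ldif() {
    awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad = 1 }
    {
        if ($0 ~ /\t/) report("tab character")
        if ($0 == "") {
            if (prev == "-") gap = NR - 1        # blank line right after a "-"
        } else {
            if (gap && $0 !~ /^dn:/)
                report("unreachable: blank line follows the - on line " gap)
            gap = 0
        }
        if ($0 ~ /^dn:/) {
            oc = 0                               # ordering is tracked per record
            if ($0 ~ /cn=schema,cn=config$/ &&
                $0 !~ /^dn: cn=[{][0-9]+[}][^,]+,cn=schema,cn=config$/)
                report("schema DN has no {N} index")
        }
        if ($0 ~ /^(add|delete|replace): olcObjectClasses$/) oc = 1
        if ($0 == "add: olcAttributeTypes" && oc)
            report("olcAttributeTypes added after the objectClass change")
        prev = $0
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: <old value>/<new value> are the answer's placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
version: 1
dn: cn={4}test,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: <new value>
-
delete: olcObjectClasses
olcObjectClasses: <old value>
-
add: olcObjectClasses
olcObjectClasses: <new value>
EOF
lint_schema_ldif "$sample" && echo "clean: $sample"
```

Because cn=config changes take effect on the running server, linting the file first avoids a half-applied schema modification where only the statements before a stray blank line were executed.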