openLDAP how to remove the nis schema from the current configuration
openLDAP 2.4 Ubuntu 14.04
I have found this question dn-based linux groups from ldap. I am trying to include the rfc2307bis schema, but it seems the nis schema must be removed from the configuration before including rfc2307bis. How can I remove this nis schema from the current configuration?
I have managed to get it working:
sudo service slapd stop-
sudo slapcat -n0 > ~/config.ldif(configuration backup) -
sudo slapcat -n1 > ~/users.ldif(users and groups backup) - delete the contents of the folder
/etc/ldap/slapd.d(or rename and create a newslapd.dfolder) - delete the contents of the folder
/var/lib/ldap(or rename and create a newldapfolder), I didn't delete just one fileDB_CONFIG - modify
~/config.ldiffile to delete thenisschema sudo slapadd -F /etc/ldap/slapd.d -n 0 -l ~/config.ldifsudo chown openldap:openldap -R /etc/ldap/slapd.dsudo service slapd start-
add
rfc2307bisschema to the ldap configuration:sudo ldapadd -Y EXTERNAL -H ldapi:/// \ -f /etc/ldap/schema/rfc2307bis.ldif -D "cn=admin,cn=config" -W sudo service slapd stop-
modify
~/users.ldif:- add
objectClass: groupOfMembersto group objects - remove lines with the
structuralObjectClass(or just replace the stringstructuralObjectClass: posixGroupwith the stringobjectClass: groupOfMembers)
It should look like this (for group objects only):
dn: cn=groupname,ou=Groups,dc=some,dc=net cn: groupname gidNumber: 501 objectClass: posixGroup objectClass: groupOfMembers objectClass: top description: some description entryUUID: f4599276-d798-1033-80a3-b52a8483a973 creatorsName: cn=admin,dc=some,dc=net createTimestamp: 20140923181242Z memberUid: peterb memberUid: kennyg memberUid: mendyn entryCSN: 20140925190322.990791Z#000000#000#000000 modifiersName: cn=admin,dc=some,dc=net modifyTimestamp: 20140925190322Z - add
sudo slapadd -F /etc/ldap/slapd.d -n 1 -l ~/users.ldifsudo chown openldap:openldap -R /var/lib/ldapsudo service slapd start