openLDAP how to remove the nis schema from the current configuration

openLDAP 2.4 Ubuntu 14.04

I have found this question dn-based linux groups from ldap. I am trying to include the rfc2307bis schema, but it seems the nis schema must be removed from the configuration before including rfc2307bis. How can I remove this nis schema from the current configuration?


I have managed to get it working:

  1. sudo service slapd stop
  2. sudo slapcat -n0 > ~/config.ldif (configuration backup)
  3. sudo slapcat -n1 > ~/users.ldif (users and groups backup)
  4. delete the contents of the folder /etc/ldap/slapd.d (or rename and create a new slapd.d folder)
  5. delete the contents of the folder /var/lib/ldap (or rename and create a new ldap folder), I didn't delete just one file DB_CONFIG
  6. modify ~/config.ldif file to delete the nis schema
  7. sudo slapadd -F /etc/ldap/slapd.d -n 0 -l ~/config.ldif
  8. sudo chown openldap:openldap -R /etc/ldap/slapd.d
  9. sudo service slapd start
  10. add rfc2307bis schema to the ldap configuration:

    sudo ldapadd -Y EXTERNAL -H ldapi:/// \
        -f /etc/ldap/schema/rfc2307bis.ldif -D "cn=admin,cn=config" -W
    
  11. sudo service slapd stop

  12. modify ~/users.ldif:

    • add objectClass: groupOfMembers to group objects
    • remove lines with the structuralObjectClass (or just replace the string structuralObjectClass: posixGroup with the string objectClass: groupOfMembers)

    It should look like this (for group objects only):

    dn: cn=groupname,ou=Groups,dc=some,dc=net
    cn: groupname
    gidNumber: 501
    objectClass: posixGroup
    objectClass: groupOfMembers
    objectClass: top
    description: some description
    entryUUID: f4599276-d798-1033-80a3-b52a8483a973
    creatorsName: cn=admin,dc=some,dc=net
    createTimestamp: 20140923181242Z
    memberUid: peterb
    memberUid: kennyg
    memberUid: mendyn
    entryCSN: 20140925190322.990791Z#000000#000#000000
    modifiersName: cn=admin,dc=some,dc=net
    modifyTimestamp: 20140925190322Z
    
  13. sudo slapadd -F /etc/ldap/slapd.d -n 1 -l ~/users.ldif

  14. sudo chown openldap:openldap -R /var/lib/ldap
  15. sudo service slapd start