[Pkg-openldap-devel] slapd: Replace default nis schema (with Puppet and replication)

georg at riseup.net georg at riseup.net
Wed Sep 14 10:21:03 UTC 2016


Hi all,

I'm setting up a new multi-master slapd setup with Debian jessie. 

As I would like to use the 'memberof' module and overlay, to get
'memberof' mapping working, I want to remove the currently default (?)
nis schema and replace it with rfc2307bis. One way to do this is to
manually stop slapd, remove the schema and replace it, fix permissions
and ownership etc., and start slapd again. 

As this setup is done via Puppet, I'm not really sure how to do this:
At first I've tried to just do it after the installation, _before_
setting up replication. However, this leads to errors like "empty
syncUUID", which breaks the replication, I guess because of me doing
this "by hand".

The other way works: Set up replication first, and after this change the
schema. However, I'm still searching for a clever way to handle this via
Puppet, because this task should be synchronized on all the servers.

Quoting "New Features and Enhancements in 2.4" [1]: 
"In 2.3 you were only able to add new schema elements, not delete or
modify existing elements. In 2.4 you can modify schema at will. (Except
for the hardcoded system schema, of course.)" Up until now I've failed
to find more information about this while digging through the Internets:
All sources which I read so far talk about the manual way.

So, three questions:
- Is it currently possible to remove the nis schema and replace it with
  rfc2307bis, right from the beginning?
- Does someone know of a "better way" to change the schema than doing it
  manually?
- Besides: Any hints, clever ideas, whatever, how to deal with this?

Thanks in advance and especially for your work!
All the best,
Georg


[1] http://www.openldap.org/doc/admin24/appendix-changes.html