Adding a custom LDAP schema to a Mac OS 10.5.2 server

This one is driving me crazy as well.

Turns out under the latest version of OpenLDAP the schema definitions are stored in the directory
under a separate branch "cn=config" not "dc=blah,dc=com". The problem I'm having is that the schema branch (cn=schema,cn=config) appears to be locked (possibly by an ACL) and I can't import my custom schema into it.

I've been using ldapbrowser to modify LDAP but it wont let me import my schema description.
I had to do it manually on the command line with ldapadd. (ldapadd -x -H ldap://<LDAP_SERVER>/ -D "cn=config" -W -f <SCHEMA>.ldif.

I was able to import the schema into the root cn=config but not under cn=schema,cn=config. Was working until I rebooted the server now it does not recognize my schema anymore.

Here's a little sample of my schema deffs:

dn: cn={10}DUAConfigProfile, cn=schema, cn=config
olcObjectClasses: {0}( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile'
SUP top STRUCTURALDESC 'Abstraction of a base configuration for a DUA'
MUST ( cn )MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ default
SearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $
authenticationMethod $ followReferrals $ dereferenceAliases $ serviceSearchDescriptor
$ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $
attributeMap $ profileTTL ) )
olcAttributeTypes: {0}( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList'
DESC 'Default LDAP server host address used by a DUA'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase'
DESC 'Default LDAP base DN used by a DUA'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
objectClass: olcSchemaConfig
cn: {10}DUAConfigProfile

Perhaps you've already done this, but there's an "Open Directory" forum under Discussions->Mac OS X Server. You might get some more traction there.

I get the following error message when adding to cn=schema,cn=config (OLCSchemaConfig)

6/12/08 10:03:56 AM Workgroup Manager[28867] Got unexpected error of type eDSAttributeNotFound (-14134) on line 423 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/Inspector/Inspec torPluginView.m

What the F does that mean? Come on Apple get with it, I'm sick of this s@#* not working!

I've changed the ACLs for the config database to be by * write so it should be wide open for editing.

(both in slapd_macosxserver.conf and in olcDatabase={0}config, cn=config olcAccess)

Message was edited by: soulsurf

As glsmith said, you should post your problems on the MacOS Server forums where is more likely you will find someone with knowledge to answer your questions. In the mean time, have you read this?

No...
Haven't read this either:

http://www.openldap.org/doc/admin24/

Hello,

Here is a procedure to add a custom schema on a MacOS 10.5 Server Master LDAP.

1. Copy your file called Custom.schema to /etc/openldap/schema (Same as 10.4)
2. Add the line include /etc/openldap/schema/Custom.schema at the bottom of the file /etc/openldap/slapd.conf (Same as 10.4)
3. Create an archive of the folder /etc/openldap/slapd.d (Just to be safe)
4. Empty the folder /etc/openldap/slapd.d (not delete it just empty it!)
5. Run the command (on root user) «slaptest -v -d 68 -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d» (the -v -d 68 are not necessary just to have more details about what append)
6. Control that the folder /etc/openldap/slapd.d has is files again
7. Restart the computer
8. Launch Workroup Manager
9. Clic the Inspector button and go to the OLCSchemaConfig Menu
10. You schould see now your custom schema in the list of left side of the window!

worked for me! Thank you David! 🙂