I need to add an attribute to the Sun DS schema and assign it to an existing custom object class.

I know how to add an attribute, but how can I add the attribute to an existing custom object class?

Please help.

Thanks

user2818666

1 Answer

Create the new attributeTypes definition, and add the new attribute name to the objectClasses MUST or MAY clause.

This example below shows the above using a file in the config/schema directory.

```ldif
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
##
## The new attribute type
##
attributeTypes: ( stackOverflowQuestionID-oid
  NAME 'stackOverflowQuestionID'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  DESC 'Describes the ID of a stack overflow question.'
  X-ORIGIN 'StackOverflow question.' )
##
## An existing object class
##
objectClasses: ( stackOverflow-oid NAME 'stackOverflow'
  SUP top
  STRUCTURAL
  MUST cn
  MAY (
    description $
    stackOverflowQuestionID
  ) X-ORIGIN 'StackExchange network' )
```

The example above can be used as a file in the config/schema directory, or the attributeTypes and objectClasses can be added/modified using LDAP under cn=schema.

LDIF change records

```ldif
dn: cn=schema
changetype: modify
add: attributeTypes
##
## The new attribute type
##
attributeTypes: ( stackOverflowQuestionID-oid
  NAME 'stackOverflowQuestionID'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  DESC 'Describes the ID of a stack overflow question.'
  X-ORIGIN 'StackOverflow question.' )
```

For the existing objectClass, create an LDIF change record that deletes the original and then adds it back, this time including the new MUST or MAY clause. Or, as you say, use an LDAP browser to update the objectClasses attribute.

Terry Gardner
  • Thanks. I know the format. I want to know how I can do it through the command prompt using LDAP. I would like to use LDIF and ldapmodify for this. Can I simply modify the object class in cn=schema from an LDAP browser? Is it advisable? – user2818666 Oct 21 '13 at 08:00
  • To use `ldapmodify` you'll have to create an LDIF change record for each change to make. Updated the answer. – Terry Gardner Oct 21 '13 at 08:03
  • Do I need to delete the object class? And is it OK if I use an LDAP browser to update objectClasses, will there be a problem? And I have many entries with that object class. Will it cause any problem? Thank you. – user2818666 Oct 21 '13 at 08:30
  • If you use an LDAP browser there is no need to delete the objectClasses attribute. If you add the new schema elements via LDAP, then the value of the objectClasses attribute will have to be changed, which means deleted and re-added. There is no problem with the entries as long as the objectClass of which they are a member is restored. For using LDIF to replace a value of a multi-valued attribute (objectClasses in this case), see [Replace value of multi-valued attribute](http://www.ldapguru.info/ldap/replace.html) – Terry Gardner Oct 21 '13 at 12:12
  • @TerryGardner Could you post an example of how to "create an LDIF change record that deletes the original and then adds it back"? – not2savvy May 20 '21 at 10:21
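
The change record the answer describes for the existing object class (delete the original value, then add it back with the new MAY attribute), written out as an added example that is not part of the original answer. The `delete` value is an assumption: the page does not show the class as it was before the change, so it is reconstructed here as the answer's definition without `stackOverflowQuestionID`. The example also assumes the `attributeTypes` change record above has already been applied.

```ldif
# Constructed example, not from the original answer.
# Assumption: the class currently stored under cn=schema has only
# "description" in its MAY clause. Substitute the definition exactly as
# your server returns it when you read objectClasses from cn=schema.
dn: cn=schema
changetype: modify
# Step 1: remove the existing definition of the object class.
delete: objectClasses
objectClasses: ( stackOverflow-oid NAME 'stackOverflow'
  SUP top
  STRUCTURAL
  MUST cn
  MAY description
  X-ORIGIN 'StackExchange network' )
-
# Step 2: add the same class back, now allowing the new attribute.
add: objectClasses
objectClasses: ( stackOverflow-oid NAME 'stackOverflow'
  SUP top
  STRUCTURAL
  MUST cn
  MAY (
    description $
    stackOverflowQuestionID
  ) X-ORIGIN 'StackExchange network' )
```

Both modifications travel in one modify request, which the server applies atomically, so existing entries never see the `stackOverflow` class missing. Save it to a file and pass that file to `ldapmodify` with `-f`.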