Ldap – OpenLDAP Change core schema

ldap openldap

Is it possible to change the core schema (cn={0}core,cn=schema,cn=config)?
In ldapmodify I'm getting Insufficient access (50), though I'm using olcRootDN from olcDatabase={0}config. Apache DS just timed out. And I believe changing the LDAP entry cn={0}core,cn=schema,cn=config from Apache DS will break the OpenLDAP service altogether.

Can anyone please point me to a decent tutorial (as detailed as possible, as I'm new to LDAP and Linux as well), if it is possible to change the default schema at all?

What I want is to add an attribute type and change several object classes to include uniqueidentifier as a MAY attribute.

Say, include the uniqueidentifier attribute in the organization, device, and posixAccount object classes.
Create the attribute hwNumber.

UPDATE 1

OK, now I can change it with ldapmodify.
My LDIF:

dn: cn={0}core,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: {52}( 1.2.3.4.888.888.1 NAME 'roleMember' DESC 'Reference' SUP uniqueidentifier)

And I can see the attribute is created, and I can add the attribute to an entity.

But when I restart the server, slapd fails to start.

Best Answer

Do not change the core schema. As the name implies, it's the core of the LDAP implementation. If you need more or changed attributes, create a local schema instead.
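
A local schema of the kind the answer recommends could look like the following. This is an added example, not part of the original answer. The schema name `local`, the auxiliary class `localExtras`, and every OID except the asker's `1.2.3.4.888.888.1` are placeholders. It assumes the stock cosine schema, which defines uniqueIdentifier, is already loaded.

```ldif
# local.ldif: added example, not from the original post.
# Load it as a NEW schema entry instead of editing cn={0}core:
#   ldapadd -Y EXTERNAL -H ldapi:/// -f local.ldif
# slapd assigns the next free {n} index, so this schema is read after
# core and cosine at startup and can reference their attribute types.
#
# Assumption: cosine is already loaded (it defines uniqueIdentifier).
# The OIDs below continue the asker's 1.2.3.4.888.888 arc and are
# placeholders; use an arc registered to your organisation.
dn: cn=local,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: local
# The asker's attribute, moved out of core.
olcAttributeTypes: ( 1.2.3.4.888.888.1 NAME 'roleMember'
  DESC 'Reference'
  SUP uniqueIdentifier )
# New attribute; the syntax OID is Directory String.
olcAttributeTypes: ( 1.2.3.4.888.888.2 NAME 'hwNumber'
  DESC 'Hardware number'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
# organization, device and posixAccount are left untouched.
# An AUXILIARY class carries the optional attributes and can be
# added to any entry alongside its existing object classes.
olcObjectClasses: ( 1.2.3.4.888.888.100 NAME 'localExtras'
  DESC 'Optional local attributes for existing entries'
  SUP top AUXILIARY
  MAY ( uniqueIdentifier $ roleMember $ hwNumber ) )
```

An organization, device or posixAccount entry gains the optional attributes once `objectClass: localExtras` is added to it, so the standard definitions in core, cosine and nis stay as shipped.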