LDAP – Fixing ldap_modify Server Unwilling to Perform (53) in OpenLDAP

ldap ldif openldap schema

I have created this custom and very basic schema:

objectclass ( 2.25.2.2.1
    NAME 'myObjectClass'
    DESC 'myObjectClass objectclass'
    STRUCTURAL
    MUST ( cn )
    )

I have added it without problem with this myObjectClass.ldif file:

dn: cn=myObjectClass,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: myObjectClass
olcObjectClasses: {0}( 2.25.2.2.1 NAME 'myObjectClass' DESC 'myObjectClass objectclass' STRUCTURAL MUST cn )

Using ldapmodify:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f myObjectClass.ldif

Now I'm trying to delete it with delete.ldif:

dn: cn=schema,cn=config
changetype: modify
delete: objectClass
objectClass: 2.25.2.2.1

Using ldapmodify, I always get ldap_modify: Server is unwilling to perform (53):

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f delete.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=schema,cn=config"
ldap_modify: Server is unwilling to perform (53)

I'm running Ubuntu 14.04 Server with OpenLDAP 2.4.31.

I have searched for this in the official docs:

A.2.2. Better cn=schema functionality

In 2.3 you were only able to add new schema elements, not delete or
modify existing elements. In 2.4 you can modify schema at will.
(Except for the hardcoded system schema, of course.)

Can someone share any clue?

Thanks in advance!

Best Answer

The way to modify the schema configuration in version 2.4 of the OpenLDAP server is:

  • Remove all entries that use this schema

Then:

  • Stop slapd
  • Use slapcat to export the dynamic config to LDIF
  • Modify the LDIF export to remove the schema in question
  • Remove (or rename) your old dynamic config directory
  • slapadd the updated LDIF
  • Start slapd

According to this talk on the official site.
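
The steps in this answer as a shell script, added here as an example and not part of the original answer. It assumes Ubuntu's default config directory /etc/ldap/slapd.d and the openldap service account; strip_schema and rebuild_config are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: CONF is the Ubuntu default cn=config directory.
CONF=${CONF:-/etc/ldap/slapd.d}

# strip_schema NAME: read a `slapcat -n 0` export on stdin and write it to
# stdout without the entry cn={N}NAME,cn=schema,cn=config.
# Returns non-zero unless exactly one entry was removed.
strip_schema() {
    awk -v name="$1" '
    BEGIN {
        RS = ""; ORS = "\n\n"          # one LDIF entry per record
        want = "cn=" tolower(name) ",cn=schema,cn=config"
    }
    {
        flat = $0
        gsub(/\n /, "", flat)          # undo LDIF line folding
        split(flat, line, "\n")
        dn = tolower(line[1])
        sub(/^dn: */, "", dn)
        sub(/^cn=[{][0-9]+[}]/, "cn=", dn)   # drop the {N} ordering prefix
        if (dn == want) { removed++; next }
        print                          # every other entry passes unchanged
    }
    END { exit (removed == 1 ? 0 : 1) }'
}

# rebuild_config NAME: the offline procedure, run as root. The body is a
# subshell so `set -e` aborts on the first failing step without leaking.
rebuild_config() (
    set -e
    work=$(mktemp -d)
    service slapd stop
    slapcat -F "$CONF" -n 0 -l "$work/config.ldif"
    strip_schema "$1" < "$work/config.ldif" > "$work/config.new.ldif"
    mv "$CONF" "$CONF.bak"             # keep the old config for rollback
    mkdir "$CONF"
    slapadd -F "$CONF" -n 0 -l "$work/config.new.ldif"
    # Assumption: slapd runs as openldap:openldap (Ubuntu packaging).
    chown -R openldap:openldap "$CONF"
    service slapd start
    echo "exports kept in $work"
)
```

Run `rebuild_config myObjectClass` as root only after the entries that use the object class have been removed; if slapd fails to start, move `$CONF.bak` back into place.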
