
As the title is worded:

I am looking for a way to run an ldapmodify / ldapadd command with bash; the command will run an .ldif file, and it shall modify the schema of the server.

I have managed to create the following:

test.ldif

dn: OU=Inter Domain,DC=vlad,DC=lan
ou: Inter Domain
objectClass: top
objectClass: organizationalUnit

Bash command:

ldapadd -x -D "cn=admin,dc=vlad,dc=lan" -w admin -H ldap:// -f ldap/test.ldif

The above is just an example of the files and command I am running. I want to be able for example to add a new objectClass: myCustomObjectClass that has various customAttributes1-15.

Is there a way to do this programmatically, without using some application like Apache Directory Studio?

I tried to add new attributes and objectClasses programmatically to an openLDAP ldap server, but I did not find a way.

UPDATE 1:

Managed to add into the file the following:

dn: cn=schema,cn=config
changetype: modify
add: olcObjectClasses
olcObjectClasses: ( 1.2.3.4.5.6.7.8.9.0 NAME 'myCustomObjectClass'
  DESC 'My Custom Object Class'
  AUXILIARY
  MAY ( customAttribute1 $ customAttribute2 $ customAttribute3 $
        customAttribute4 $ customAttribute5 $ customAttribute6 $
        customAttribute7 $ customAttribute8 $ customAttribute9 $
        customAttribute10 $ customAttribute11 $ customAttribute12 $
        customAttribute13 $ customAttribute14 $ customAttribute15 ) )

In theory it should work, but when I try to modify cn=schema,cn=config it throws the following: Insufficient access (50). I understand that this might happen because, even though I am using an admin account, the schema is managed by the root.

This is the slapcat -n0 output:

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: 3e49b716-55fd-103e-8582-a14a85261557
creatorsName: cn=config
createTimestamp: 20240202095739Z
olcRootPW:: e1NTSEF9d3J4NGVYaUFvaGRmc2dDOXlqT0V0cEFmSWhZYklxWXo=
entryCSN: 20240202095739.321947Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=vlad,dc=lan
olcLastMod: TRUE
olcRootDN: cn=admin,dc=vlad,dc=lan
olcRootPW:: -----
olcDbCheckpoint: 512 30
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: 3e49fae6-55fd-103e-8589-a14a85261557
creatorsName: cn=admin,cn=config
createTimestamp: 20240202095739Z
olcDbIndex: uid eq
olcDbIndex: mail eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn
 =admin,dc=vlad,dc=lan" write by anonymous auth by * none
olcAccess: {2}to * by self read by dn="cn=admin,dc=vlad,dc=lan" wri
 te by dn="cn=user-ro,dc=vlad,dc=lan" read by * none
entryCSN: 20240202095739.438344Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z

What user or how shall I use the users to be able to call said command?

  • You're already doing what you asked in your title and your second paragraph. What is your question? Commented Feb 2, 2024 at 3:41
  • I am not doing what I want to do. I want to add custom attributes and objectClasses but I did not know how. Commented Feb 2, 2024 at 10:25
  • Answered elsewhere: serverfault.com/questions/1152778/insufficient-acces-50-ldap Commented Feb 2, 2024 at 10:44

1 Answer

You would need to use ldapmodify for the schema.

And be careful as this may be hard to reverse.

And I am not a regular user of OpenLDAP. You need an LDIF something like:

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses:  ( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )

Where ibsobiapp-oid is an "Object Identifier".

There are some other examples.


1 Comment

Added an update.
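The following script is an added example, not code posted by the asker or the answerer. It ties together the two parts of the thread: the schema LDIF from UPDATE 1 (which, as written, references customAttribute1-15 without ever defining them as attribute types) and the Insufficient access (50) error. The slapcat -n0 output shows why the error occurs: the {0}config database grants "manage" only to the local root peercred identity (gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth) and has its own rootdn, cn=admin,cn=config, with its own olcRootPW; cn=admin,dc=vlad,dc=lan is the rootdn of the {1}mdb database only and has no rights on cn=config. The script generates the attribute types and the object class as a new olcSchemaConfig child entry under cn=schema,cn=config (the documented way to add schema to a cn=config server) and applies it either with SASL EXTERNAL over ldapi:/// as root, or by binding as cn=admin,cn=config. The OID arc 1.3.6.1.4.1.99999.1 is a placeholder and is not from the page; replace it with an arc you control. It also assumes slapd listens on ldapi:/// and that the script runs on the server host.

```shell
#!/bin/sh
# Added example (not from the question or the answer): generate a schema LDIF
# that defines customAttribute1..15 and myCustomObjectClass, then apply it
# with an identity that the config database's olcAccess actually permits.
#
# Assumptions not stated on the page: OID_BASE is a PLACEHOLDER arc that must
# be replaced with one you own; slapd listens on ldapi:/// so SASL EXTERNAL
# (peercred) works when run as root on the server host.
set -eu

OID_BASE="1.3.6.1.4.1.99999.1"   # PLACEHOLDER arc; replace before use
ATTR_COUNT=15
SCHEMA_NAME="custom"

# One olcAttributeTypes value per custom attribute (DirectoryString syntax,
# case-insensitive matching). Attribute types must exist before an
# objectClass can list them in MAY, so these are emitted first.
# Continuation lines carry two leading spaces: LDIF unfolding strips the
# first, the second keeps the tokens separated.
emit_attribute_types() {
    i=1
    while [ "$i" -le "$ATTR_COUNT" ]; do
        printf "olcAttributeTypes: ( %s.1.%d NAME 'customAttribute%d'\n" "$OID_BASE" "$i" "$i"
        printf "  DESC 'Custom attribute %d'\n" "$i"
        printf "  EQUALITY caseIgnoreMatch\n"
        printf "  SUBSTR caseIgnoreSubstringsMatch\n"
        printf "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )\n"
        i=$((i + 1))
    done
}

# The MAY list in the form "customAttribute1 $ customAttribute2 $ ...".
emit_may_list() {
    i=1
    list=""
    while [ "$i" -le "$ATTR_COUNT" ]; do
        if [ -z "$list" ]; then
            list="customAttribute$i"
        else
            list="$list \$ customAttribute$i"
        fi
        i=$((i + 1))
    done
    printf '%s' "$list"
}

# Complete LDIF for ldapadd: a new olcSchemaConfig entry under
# cn=schema,cn=config (slapd renames it to cn={N}custom on load).
build_schema_ldif() {
    printf 'dn: cn=%s,cn=schema,cn=config\n' "$SCHEMA_NAME"
    printf 'objectClass: olcSchemaConfig\n'
    printf 'cn: %s\n' "$SCHEMA_NAME"
    emit_attribute_types
    printf "olcObjectClasses: ( %s.2.1 NAME 'myCustomObjectClass'\n" "$OID_BASE"
    printf "  DESC 'My Custom Object Class'\n"
    printf "  AUXILIARY\n"
    printf "  MAY ( %s ) )\n" "$(emit_may_list)"
}

# Apply the LDIF. The {0}config olcAccess in the question grants "manage"
# only to the root peercred identity, so the default is SASL EXTERNAL over
# ldapi:/// run as root. The alternative binds as the config rootdn
# (cn=admin,cn=config; its olcRootPW is separate from the dc=vlad,dc=lan
# admin password) and prompts for that password.
apply_schema() {
    ldif_file=$(mktemp)
    build_schema_ldif > "$ldif_file"
    if [ "${1:-external}" = "external" ]; then
        ldapadd -Y EXTERNAL -H ldapi:/// -n -f "$ldif_file"   # dry run first
        ldapadd -Y EXTERNAL -H ldapi:/// -f "$ldif_file"
    else
        ldapadd -x -D cn=admin,cn=config -W -H ldap://localhost -f "$ldif_file"
    fi
    rm -f "$ldif_file"
}

case "${1:-print}" in
    print)  build_schema_ldif ;;            # inspect the LDIF before applying
    apply)  apply_schema external ;;        # root on the server: sudo ./schema.sh apply
    rootdn) apply_schema rootdn ;;          # bind as cn=admin,cn=config instead
    *)      echo "usage: $0 [print|apply|rootdn]" >&2; exit 2 ;;
esac
```

Run it with no argument to print the generated LDIF, then `sudo ./schema.sh apply` on the server. Schema additions are hard to undo once entries use the new attributes, which is why the apply path does a `-n` dry run first; check the output of `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config cn=custom` afterwards to confirm the entry landed.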
