[389-users] No schema?
Rich Megginson
rmeggins at redhat.com
Mon Jul 16 16:10:53 UTC 2012
On 07/16/2012 10:03 AM, Gary Algier wrote:
> On 07/13/12 11:42, Rich Megginson wrote:
>> On 07/13/2012 09:41 AM, Gary Algier wrote:
>>> Hello:
>>>
>>> I just installed a fresh install of the 389 DS from EPEL and I see
>>> no schema:
>>>
>>> -------------------------------------------------------------
>>> # ldapsearch -x -h localhost -s sub -b cn=schema -wxxxxxxxx \
>>> -Dcn=directory\ manager
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=schema> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # schema
>>> dn: cn=schema
>>> objectClass: top
>>> objectClass: ldapSubentry
>>> objectClass: subschema
>>> cn: schema
>>>
>>> # search result
>>> search: 2
>>> result: 0 Success
>>>
>>> # numResponses: 2
>>> # numEntries: 1
>>> -------------------------------------------------------------
>>>
>>> If I look at /etc/dirsrv/slapd-*/schema I see lots of files all with
>>> all
>>> sorts of contents. Is the schema unavailable by design? I also
>>> looked with
>>> 389-console and I see nothing in the schema.
>>>
>>> Version information:
>>> # rpm -q 389-ds
>>> 389-ds-1.2.1-1.el5
>> rpm -q 389-ds-base
>> ?
>>
>> Note that in later 389 releases, the schema was made LDAPv3
>> compliant. The
>> schema attributes attributeTypes, objectClasses, matchingRules, etc. are
>> defined by LDAPv3 to be operational attributes. This means they must be
>> specified explicitly in the ldapsearch command line e.g.
>>
>> ldapsearch -x -h localhost -s sub -b cn=schema -wxxxxxxxx \
>> -Dcn=directory\ manager "objectclass-*" \* attributeTypes
>> objectClasses ....
>>> # grep ^ /etc/*release*
>>> /etc/redhat-release:CentOS release 5.8 (Final)
>>>
>>>
>
> All versions, just in case:
> # % rpm -qa | grep 389-
> 389-ds-1.2.1-1.el5
> 389-ds-base-libs-1.2.9.9-1.el5
> 389-ds-console-doc-1.2.6-1.el5
> 389-dsgw-1.1.9-1.el5
> 389-admin-console-1.1.8-1.el5
> 389-ds-base-1.2.9.9-1.el5
> 389-admin-console-doc-1.1.8-1.el5
> 389-console-1.1.7-3.el5
> 389-ds-console-1.2.6-1.el5
> 389-admin-1.1.29-1.el5
> 389-adminutil-1.1.15-1.el5
>
>
> So I need to ask specifically for the attributes, but I should still
> see the dns, shouldn't I?
What does "dns" mean? If you mean Distinguished Name (DN) then yes, the
schema entry has the DN cn=schema, which is printed below.
>
> # ldapsearch -x -h localhost -s sub -b cn=schema -wxxxxxxxx \
> -Dcn=directory\ manager "objectclass=*" \* attributetypes
> objectclasses |
> grep -i ^dn:
> dn: cn=schema
>
>
> My goal here is to get a dump of the schema so I can compare it to my
> live DS5.2 server in preparation for migration. Are there any other
> tools for doing this kind of thing?
python-ldap has a nice schema parser
Note that if you want to use shell tools for things like grep and sed
you'll have to unwrap the ldif - see
http://richmegginson.livejournal.com/18726.html
> I have seen discussion of migration but everything seems to assume
> that the schemata match.
>
More information about the 389-users
mailing list