How to delete olcAttributeTypes LDAP

IgorTheOverlord

4/28/24, 10:13 AM

Is there a way to delete olcAttributeTypes from my schema?

It's not a system attribute, I added it myself, now I need to delete it.

I'm using LAM (LDAP Account Manager) v5.6

The attribute is located at /etc/openldap/slapd.d/cn=config/cn=schema.ldif

The way I added it was ldapmodify -Y EXTERNAL -H ldapi:/// -f ldif.ldif

Contents of ldif.ldif were:

dn: cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.3.6.1.4.1.60136.2
   NAME 'dateOfBirth'
   EQUALITY caseIgnoreMatch
   SUBSTR caseIgnoreSubstringsMatch
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

Output of cat /etc/openldap/slapd.d/cn\=config/cn\=schema.ldif:

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 a489687b
dn: cn=schema
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig
entryUUID: 9ebc4cc8-4b31-1036-91fd-05bd7cf95e2a
creatorsName: cn=config
createTimestamp: 20161130101510Z
olcAttributeTypes: {0}( 1.3.6.1.4.1.60136.2   NAME 'dateOfBirth'   EQUALITY 
 caseIgnoreMatch   SUBSTR caseIgnoreSubstringsMatch   SYNTAX 1.3.6.1.4.1.146
 6.115.121.1.15 )

Bonus question: How to delete olcObjectClasses?

Another bonus question: Why do all my classes and attributes dissapear from all entries when slapd.service restarts? It's fixed with creating a new .ldif file and adding the same classes and attributes again. Even though classes and attributes dissapear from schema and I can't view entires' values of those attributes, it is back again after applying .ldif file

105

0 + 5

openldap

ldap

user1686

4/29/24, 8:40 AM

Have you tried deleting them...like you would delete any other regular LDAP attribute? OpenLDAP doesn't allow deleting whole schema entries, but it certainly allows deleting their contents.

IgorTheOverlord

4/29/24, 9:10 AM

@user1686 What are schema entries? do you mean objects of a shema like classes and attributes? or entries that consist of those classes and attributes? my question is about how to delete a schema's object, like a class or an attribute. I know how to manage contents of entires in ldap, replace values, delete it, etc. I'd like to know how to delete an object (an olcAttributeTypes in my case) from my schema

user1686

4/29/24, 9:17 AM

No, I mean that a "schema entry" is literally like a regular LDAP entry, it just happens to be under cn=config instead of your usual dc=whatever. So if you know how to replace or delete values in regular LDAP entries, try to apply the same procedure to the "olcAttributeTypes" value of the "cn=schema,cn=config" entry.

IgorTheOverlord

4/29/24, 10:13 AM

@user1686 I tried it, with almost the same syntax as in `ldif.ldif` file, only changes are `changetype: delete` and `delete: olcAttributeTypes` and the command is `ldapdelete -Z -x -D 'uid=ladmin,cn=ldapadmin,dc=whatever,dc=whatever' -w 'admins pass' -f 'ldif.ldif'` I get `invalid dn` error. Or if I change `changetype` to `modify`, and `ldapdelete` to `ldapmodify`, I get `insufficient access` error

IgorTheOverlord

4/29/24, 10:16 AM

@user1686 `ldapdelete -Y EXTERNAL -H ldapi:/// -f ldif.ldif` won't work as well

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to delete olcAttributeTypes LDAP

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.