Hi, On 9/25/19 6:20 PM, Quanah Gibson-Mount wrote: > --On Wednesday, September 25, 2019 6:57 PM +0200 Michael Ströder > <[email protected]> wrote: > >> IIRC back-mdb needs export / re-import to make the OID change. > > Why would back-mdb require an export/import for an OID change in the > schema? OpenLDAP does not store the OID internally in the binary > databases.
Thanks for the replies, but the database backend is "hdb".
The attributes in question were placed in the nis schema
cn={3}nis,cn=schema,cn=config:
---
{25}( 1.3.6.1.1.1.1.28 NAME 'groupMemberShip' EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
{26}( 1.3.6.1.1.1.1.29 NAME 'apple-generateduid' DESC 'generated unique
ID' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
---
I have moved these attributes via ldapmodify with this ldif:
---
dn: cn={3}nis,cn=schema,cn=config
changetype: modify
replace: olcAttributeTypes
olcAttributeTypes:
#...copy off all schema attributes but the two I want to move...#
dn: cn={5}kerio-mail-server,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: {15}(1.3.6.1.4.1.10311.1.2.2.29 NAME
'groupMemberShip' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26)
olcAttributeTypes: {16}(1.3.6.1.4.1.10311.1.2.2.30 NAME
'apple-generateduid' DESC 'generated unique ID' EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE)
---
But after that the existing groupMemberShip attributes were purged from
the user objects. We use VMs and I have done snapshots before this
change, so I could roll back.
Did I move the attributes the wrong way?
Kind regards,
Tobias
signature.asc
Description: OpenPGP digital signature
