• Bez kategorii

Schema conversion – LDAP to LDIF

The power of directory service is possibility to define your own object classes, attributes, rules and so on. It also allows grouping it in schemas, which you can add to LDAP configuration.

As for now most of schemas, which you can find in Internet is organized into blocks, which contains definitions of attributes and object classes. This looks like:

attribute type definition:


attributetype ( 1.3.6.1.4.1.32349.1.2.2.9 NAME 'accountStatus'
    DESC 'The status of a user account: active, disabled'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

object class definition:


objectclass ( 1.3.6.1.4.1.32349.1.2.4.2 NAME 'mailAdmin'
    DESC 'Mail Domain Admin' SUP top STRUCTURAL
    MUST ( mail )
    MAY ( domainGlobalAdmin $ description $ enabledService $
        userPassword $ accountStatus $ cn $ sn $ givenName $
        preferredLanguage $ givenName $ expiredDate $
        mailHost $ lastLoginDate $ accountSetting ))

those definitions are from iredmail.schema, which I use here as example (I put it in attachement too).

If you use static configuration in slapd.conf file, you can just simply put this file in /etc/ldap/schema directory, point it in configuration and restart server. But I suppose that you use dynamic configuration, so you need to convert it to LDIF format.

For this purpose I recommend to use perl script, which I get from site: http://directory.fedoraproject.org/download/ol-schema-migrate.pl (also in attachement, hint: you need to change name).

/usr/bin/sudo -i
cd /etc/ldap/schema
wget http://iredmail.googlecode.com/hg/iRedMail/samples/iredmail.schema
wget http://directory.fedoraproject.org/download/ol-schema-migrate.pl

NOTE: the script is not very actual and you need to patch it before use. I do not know perl well, but I corrected this and it works for me. Patch is in attachement, download it and patch as follows:

patch -p0 < drf-ol-schema-migrate.patch

Now you can convert schema:

perl ol-schema-migrate.pl -b iredmail.schema > iredmail.ldif

So, you have converted schema, it is time to add this to directory service:

ldapadd -Y EXTERNAL -H ldapi:/// -f iredmail.ldif

Another way to move schemas (exactly all configuration) from slapd.conf file to dynamic form is with use of slaptest utility. Please check OpenLDAP documentation.

Schema conversion – LDAP to LDIF

The power of directory service is possibility to define your own object classes, attributes, rules and so on. It also allows grouping it in schemas, which you can add to LDAP configuration.

As for now most of schemas, which you can find in Internet is organized into blocks, which contains definitions of attributes and object classes. This looks like:

attribute type definition:


attributetype ( 1.3.6.1.4.1.32349.1.2.2.9 NAME 'accountStatus'
    DESC 'The status of a user account: active, disabled'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

object class definition:


objectclass ( 1.3.6.1.4.1.32349.1.2.4.2 NAME 'mailAdmin'
    DESC 'Mail Domain Admin' SUP top STRUCTURAL
    MUST ( mail )
    MAY ( domainGlobalAdmin $ description $ enabledService $
        userPassword $ accountStatus $ cn $ sn $ givenName $
        preferredLanguage $ givenName $ expiredDate $
        mailHost $ lastLoginDate $ accountSetting ))

those definitions are from iredmail.schema, which I use here as example (I put it in attachement too).

If you use static configuration in slapd.conf file, you can just simply put this file in /etc/ldap/schema directory, point it in configuration and restart server. But I suppose that you use dynamic configuration, so you need to convert it to LDIF format.

For this purpose I recommend to use perl script, which I get from site: http://directory.fedoraproject.org/download/ol-schema-migrate.pl (second attachement, hint: you need to change name).


/usr/bin/sudo -i
cd /etc/ldap/schema
wget http://iredmail.googlecode.com/hg/iRedMail/samples/iredmail.schema
wget http://directory.fedoraproject.org/download/ol-schema-migrate.pl

NOTE: the script is not very actual and you need to patch it before use. I do not know perl well, but I corrected this and it works for me. Patch is in attachement.


wget http://www.drfugazi.eu.org/?q=system/files/drf-ol-schema-migrate.patch
patch -p0 < drf-ol-schema-migrate.patch
perl ol-schema-migrate.pl -b iredmail.schema > iredmail.ldif

So, you have converted schema, it is time to add this to directory service:

ldapadd -Y EXTERNAL -H ldapi:/// -f iredmail.ldif

Another way to move schemas (exactly all configuration) from slapd.conf file to dynamic form is with use of slaptest utility. Please check OpenLDAP documentation.

Może Ci się również spodoba

Dodaj komentarz