{"id":239,"date":"2011-03-15T14:43:11","date_gmt":"2011-03-15T13:43:11","guid":{"rendered":""},"modified":"2011-03-16T10:44:56","modified_gmt":"2011-03-16T08:44:56","slug":"schema-conversion-ldap-ldif","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/schema-conversion-ldap-ldif\/","title":{"rendered":"Schema conversion – LDAP to LDIF"},"content":{"rendered":"

The power of directory service is possibility to define your own object classes, attributes, rules and so on. It also allows grouping it in schemas, which you can add to LDAP configuration.<\/h3>\n

As for now most of schemas, which you can find in Internet is organized into blocks, which contains definitions of attributes and object classes. This looks like:<\/p>\n

attribute type definition:<\/p>\n

\r\nattributetype ( 1.3.6.1.4.1.32349.1.2.2.9 NAME 'accountStatus'\r\n    DESC 'The status of a user account: active, disabled'\r\n    EQUALITY caseIgnoreIA5Match\r\n    SUBSTR caseIgnoreSubstringsMatch\r\n    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26\r\n    SINGLE-VALUE )\r\n<\/code><\/pre>\n
<\/p>\n
object class definition:<\/p>\n
\r\nobjectclass ( 1.3.6.1.4.1.32349.1.2.4.2 NAME 'mailAdmin'\r\n    DESC 'Mail Domain Admin' SUP top STRUCTURAL\r\n    MUST ( mail )\r\n    MAY ( domainGlobalAdmin $ description $ enabledService $\r\n        userPassword $ accountStatus $ cn $ sn $ givenName $\r\n        preferredLanguage $ givenName $ expiredDate $\r\n        mailHost $ lastLoginDate $ accountSetting ))\r\n<\/code><\/pre>\n
those definitions are from iredmail.schema<\/a>, which I use here as example (I put it in attachement too).<\/p>\n
If you use static configuration in slapd.conf<\/code> file, you can just simply put this file in \/etc\/ldap\/schema<\/code> directory, point it in configuration and restart server. But I suppose that you use dynamic configuration, so you need to convert it to LDIF format.<\/h3>\n
For this purpose I recommend to use perl script, which I get from site: http:\/\/directory.fedoraproject.org\/download\/ol-schema-migrate.pl<\/a> (second attachement, hint: you need to change name).<\/p>\n
\r\n\/usr\/bin\/sudo -i\r\ncd \/etc\/ldap\/schema\r\nwget http:\/\/iredmail.googlecode.com\/hg\/iRedMail\/samples\/iredmail.schema\r\nwget http:\/\/directory.fedoraproject.org\/download\/ol-schema-migrate.pl\r\n<\/code><\/pre>\n
NOTE: the script is not very actual and you need to patch it before use. I do not know perl well, but I corrected this and it works for me. Patch is in attachement.<\/p>\n
\r\nwget http:\/\/www.drfugazi.eu.org\/?q=system\/files\/drf-ol-schema-migrate.patch\r\npatch -p0 < drf-ol-schema-migrate.patch\r\nperl ol-schema-migrate.pl -b iredmail.schema > iredmail.ldif\r\n<\/code><\/pre>\n
So, you have converted schema, it is time to add this to directory service:<\/h3>\n
ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f iredmail.ldif<\/code><\/pre>\n
<\/p>\n
Another way to move schemas (exactly all configuration) from slapd.conf<\/code> file to dynamic form is with use of slaptest<\/code> utility. Please check OpenLDAP documentation.<\/p>\n","protected":false},"excerpt":{"rendered":"
The power of directory service is possibility to define your own object classes, attributes, rules and so on. It also allows grouping it in schemas, which you can add to LDAP configuration.<\/h3>\n
As for now most of schemas, which you can find in Internet is organized into blocks, which contains definitions of attributes and object classes. This looks like:<\/p>\n
attribute type definition:<\/p>\n
\r\nattributetype ( 1.3.6.1.4.1.32349.1.2.2.9 NAME 'accountStatus'\r\n    DESC 'The status of a user account: active, disabled'\r\n    EQUALITY caseIgnoreIA5Match\r\n    SUBSTR caseIgnoreSubstringsMatch\r\n    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26\r\n    SINGLE-VALUE )\r\n<\/code><\/pre>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[],"tags":[54],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-3R","jetpack-related-posts":[{"id":329,"url":"https:\/\/drfugazi.eu.org\/en\/schema-conversion-ldap-ldif\/","url_meta":{"origin":239,"position":0},"title":"Schema conversion – LDAP to LDIF","author":"","date":"Tuesday March 15th, 2011","format":false,"excerpt":"The power of directory service is possibility to define your own object classes, attributes, rules and so on. It also allows grouping it in schemas, which you can add to LDAP configuration. As for now most of schemas, which you can find in Internet is organized into blocks, which contains\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":354,"url":"https:\/\/drfugazi.eu.org\/en\/opendj-online-schema-modification\/","url_meta":{"origin":239,"position":1},"title":"OpenDJ – online schema modification","author":"drfugazi","date":"Tuesday June 19th, 2012","format":false,"excerpt":"I wrote before about schema conversion to LDIF format and how to add schemas offline by uploading them to config\/schema directory in OpenDJ. Now I will describe how to extend schema online, without restart LDAP server. Most if not all LDAP servers now have possibility to modify configuration and schemas\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":328,"url":"https:\/\/drfugazi.eu.org\/en\/installation-and-configuration-openldap\/","url_meta":{"origin":239,"position":2},"title":"Installation and configuration of OpenLDAP","author":"","date":"Wednesday December  1st, 2010","format":false,"excerpt":"Installation and basic configuration of LDAP directory service (OpenLDAP) on Ubuntu: sudo aptitude install slapd ldap-utils This description is based on HowtoForge document for Karmic Koala. I used to be to configure of OpenLDAP in slapd.conf file, but this is old method. Here we have possibility to modify LDAP configuration\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":230,"url":"https:\/\/drfugazi.eu.org\/en\/installation-and-configuration-openldap\/","url_meta":{"origin":239,"position":3},"title":"Installation and configuration of OpenLDAP","author":"drfugazi","date":"Wednesday December  1st, 2010","format":false,"excerpt":"Installation and basic configuration of LDAP directory service (OpenLDAP) on Ubuntu: sudo aptitude install slapd ldap-utils This description is based on HowtoForge document for Karmic Koala. I used to be to configure of OpenLDAP in slapd.conf file, but this is old method. Here we have possibility to modify LDAP configuration\u2026","rel":"","context":"In \"Mail system\"","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/tag\/mail_system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":685,"url":"https:\/\/drfugazi.eu.org\/en\/autofs-in-ldap-configuration-linux-solaris\/","url_meta":{"origin":239,"position":4},"title":"Autofs in LDAP configuration – for Linux and Solaris","author":"drfugazi","date":"Friday November 25th, 2016","format":false,"excerpt":"If you have LDAP server as user repository it is also good to have NFS server to store their home directories. To avoid autofs map configuration on every host, you can use LDAP service to store maps. I assume that NFS server (NFSHOME) is already installed, LDAP server and client\u2026","rel":"","context":"In "LDAP"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":330,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-authentication-ldap\/","url_meta":{"origin":239,"position":5},"title":"Mail system authentication in LDAP","author":"","date":"Wednesday March 16th, 2011","format":false,"excerpt":"I suppose that Dovecot and Postfix are up and running, and you can receive and send mail with system user (see previous posts). It is time to configure authentication in LDAP. Use of directory service to user authentication allows for flexible management of mail system, hosting and so on. LDAP\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/239"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=239"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/239\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}