Convert LDAP schemata to cn=config of OpenLDAP 2.4.x

This is how I converted old config-style LDAP schemata to the cn=config style of OpenLDAP 2.4.x.

Create an output directory:

$ mkdir /tmp/ldif_output

Create a file that includes all the schemata you need, together with their dependencies:

$ vim /tmp/schema_convert.cfg
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/ppolicy.schema
include	/tmp/ldapns.schema

Run the conversion:

$ slaptest -f /tmp/schema_convert.cfg -F /tmp/ldif_output

You might see error messages like this one:

/tmp/ldapns.schema: line 22 objectclass: AttributeType not found: "host"

In this case, make sure to include all schemata that your new one depends on: the error means your new schema uses an attribute type that had not been defined by the time slaptest read your file. You could define it yourself in your .schema file, but I recommend instead looking through /etc/ldap/schema/*.schema to find which schema already defines that attribute, and including that file before yours.

If the slaptest command finished successfully, you should find a directory structure like this in /tmp/ldif_output:

$ ls -lR /tmp/ldif_output/
/tmp/ldif_output/:
total 8
drwxr-x--- 3 root root 4096 Nov 30 10:37 cn=config
-rw------- 1 root root  875 Nov 30 10:37 cn=config.ldif

/tmp/ldif_output/cn=config:
total 48
drwxr-x--- 2 root root  4096 Nov 30 10:39 cn=schema
-rw------- 1 root root 33583 Nov 30 10:37 cn=schema.ldif
-rw------- 1 root root   513 Nov 30 10:37 olcDatabase={0}config.ldif
-rw------- 1 root root   525 Nov 30 10:37 olcDatabase={-1}frontend.ldif

/tmp/ldif_output/cn=config/cn=schema:
total 84
-rw------- 1 root root  1212 Nov 30 10:37 cn={0}corba.ldif
-rw------- 1 root root  6375 Nov 30 10:37 cn={10}pmi.ldif
-rw------- 1 root root  3236 Nov 30 10:37 cn={11}ppolicy.ldif
-rw------- 1 root root   850 Nov 30 10:37 cn={12}ldapns.ldif
-rw------- 1 root root 15428 Nov 30 10:37 cn={1}core.ldif
-rw------- 1 root root 11290 Nov 30 10:37 cn={2}cosine.ldif
-rw------- 1 root root  4414 Nov 30 10:37 cn={3}duaconf.ldif
-rw------- 1 root root  1622 Nov 30 10:37 cn={4}dyngroup.ldif
-rw------- 1 root root  2784 Nov 30 10:37 cn={5}inetorgperson.ldif
-rw------- 1 root root  2518 Nov 30 10:37 cn={6}java.ldif
-rw------- 1 root root  1448 Nov 30 10:37 cn={7}misc.ldif
-rw------- 1 root root  6420 Nov 30 10:37 cn={8}nis.ldif
-rw------- 1 root root  1252 Nov 30 10:37 cn={9}openldap.ldif

Now feel free to edit the newly created LDIF file you are after.

Once done, you can use ldapadd to add the new schema, for example like this:

$ ldapadd -x -W -D cn=admin,cn=config -f /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{12\}ldapns.ldif

That's it.


  1. I can't generate the LDIF file of my schema after slaptest (OpenLDAP default schema files are no problem); my console shows this message:
    51a2c7f4 using config directory D:/Develop_Soft/OpenLDAP/tmp/schema_convert.cfg -F D:/Develop_Soft/OpenLDAP/tmp/ldif_output, error 9
    config file testing succeeded

  2. Not working:

    adding new entry “cn={12}pmi”
    ldap_add: Server is unwilling to perform (53)
    additional info: no global superior knowledge
