Installing custom LDAP Schema

KB 5799 | Last updated on 2015-07-12


When extending ZCS, it is sometimes desirable to add additional LDAP schema to the OpenLDAP server shipped with ZCS. Starting with the 6.0 release, the new config backend is used, which means that the traditional *.schema files are no longer in play. Instead, LDIF-based versions of the old schema files are used by the new config backend. This means that traditional "schema" files need to be converted to the new LDIF format for ZCS to be able to use them.

NOTE FOR 5.0 to 6.0 UPGRADE WIKI FOLLOWERS: Do not run the ldap stop/ldap start commands in this section; you want to leave your LDAP server stopped.

New layout of the schema directory

It is important to understand how the new LDIF based schema files are used by the cn=config directory. To start, let's examine the contents of the directory:

 ls /opt/zimbra/data/ldap/config/cn\=config/cn\=schema
 cn={0}core.ldif  cn={1}cosine.ldif  cn={2}inetorgperson.ldif  cn={3}zimbra.ldif  cn={4}amavisd.ldif

As you can see there are multiple *.ldif files. The {#} format indicates the load order of the files in the cn=schema directory. I.e., cn={3}zimbra.ldif would be the fourth file loaded. Zimbra reserves the first 10 slots (cn={0}... to cn={9}) for internal use. OpenLDAP will operate correctly even if the entire load sequence is not fully populated (i.e., if it goes from cn={4} to cn={10} with no schema in between). So when adding new custom schema, be sure to number them outside the {0} to {9} range, or problems may occur in the future.

If you are upgrading from 5.0, this directory may not exist yet; just create it and follow the rest of the instructions.

Installing schema that are already converted

Some of the additional schema files shipped with OpenLDAP have already been converted into the LDIF-schema format, such as the one used by NIS services. This makes installing them a bit simpler, but it still takes a few steps. As the zimbra user:

 ldap stop
 cp /opt/zimbra/openldap/etc/openldap/schema/nis.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/cn\=\{10\}nis.ldif
 cd /opt/zimbra/data/ldap/config/cn\=config/cn\=schema

Then modify it so that the following lines are changed from:

 dn: cn=nis,cn=schema,cn=config
 objectClass: olcSchemaConfig
 cn: nis

to:

 dn: cn={10}nis
 objectClass: olcSchemaConfig
 cn: {10}nis

Then restrict the file's permissions and start LDAP:

 chmod 600 cn\=\{10\}nis.ldif
 ldap start

Converting and installing schema with the new LDIF format

Fortunately, a utility to convert the old schema files to the new LDIF format is shipped with the ZCS OpenLDAP build, and the conversion process is fairly trivial. It consists of creating a temporary configuration file to load the old schema, and specifying a path to write out the new file, using the slaptest binary to do the conversion. Depending on the schema file needing conversion, it may be necessary to load additional schema files as part of the process.

For example, to convert the Samba 3.3 schema into an LDIF-format for use with ZCS, one would do the following as the zimbra user:

 mkdir -p /tmp/ldap/schema
 cd /tmp/ldap
 cp /path/to/samba.schema /tmp/ldap/schema

Create a file called "test.conf" with the following contents:

 include /opt/zimbra/openldap/etc/openldap/schema/core.schema
 include /opt/zimbra/openldap/etc/openldap/schema/cosine.schema
 include /opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema
 include /tmp/ldap/schema/samba.schema

Then execute:

 /opt/zimbra/openldap/sbin/slaptest -f /tmp/ldap/test.conf -F /tmp/ldap

This will create a new "cn=config" directory in /tmp/ldap. If you examine its contents, you'll see:

 ls cn\=config
 cn=schema  cn=schema.ldif  olcDatabase={0}config.ldif  olcDatabase={-1}frontend.ldif

Note the cn=schema directory. This directory will contain the converted files, so let's go there:

 cd cn\=config/cn\=schema
 ls
 cn={0}core.ldif  cn={1}cosine.ldif  cn={2}inetorgperson.ldif  cn={3}samba.ldif

As you can see, there is now a samba.ldif file, which has been converted from the Samba schema file. The cn={3}samba.ldif file must be renumbered, as noted above, because ZCS reserves the first 10 slots. To do this, rename it and then modify it. For example, to put the Samba schema in slot number 12 (index {11}, since numbering starts at {0}):

 mv cn\=\{3\}samba.ldif cn\=\{11\}samba.ldif

Then modify it so that the following lines are changed from:

 dn: cn={3}samba
 objectClass: olcSchemaConfig
 cn: {3}samba

to:

 dn: cn={11}samba
 objectClass: olcSchemaConfig
 cn: {11}samba

To finish, we need to copy the new file into the ZCS OpenLDAP schema directory, as the zimbra user:

 ldap stop
 cp /tmp/ldap/cn\=config/cn\=schema/cn\=\{11\}samba.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/
 ldap start
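
The rename-and-edit steps from both procedures above (the shipped nis.ldif and the converted samba file) can be done in one pass. This is an added example, not part of the original article or of Zimbra's tooling; the function name `renumber_schema` and the sample LDIF are constructed for illustration. It refuses the reserved {0}-{9} range and an already occupied slot, and writes the result with mode 600.

```shell
#!/bin/sh
# Added example (not Zimbra tooling): renumber a converted schema LDIF.
# renumber_schema SRC_LDIF NEW_INDEX DEST_DIR -> prints the new file's path
renumber_schema() {
    src=$1; idx=$2; dest=$3

    # Zimbra reserves cn={0}..cn={9}: accept only a numeric index >= 10.
    case $idx in ''|*[!0-9]*) echo "index must be numeric" >&2; return 2 ;; esac
    [ "$idx" -ge 10 ] || { echo "slots {0}-{9} are reserved" >&2; return 2; }

    # Schema name from the dn line; handles both "dn: cn={3}samba" and
    # "dn: cn=nis,cn=schema,cn=config".
    name=$(sed -n 's/^dn: cn=//p' "$src" | head -n 1 |
           sed -e 's/^{[0-9]*}//' -e 's/,.*$//')
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad schema dn in $src" >&2; return 1 ;; esac

    # Refuse a slot that is already occupied in the destination directory.
    for f in "$dest"/cn=\{"$idx"\}*.ldif; do
        if [ -e "$f" ]; then echo "slot {$idx} in use: $f" >&2; return 1; fi
    done

    # Rewrite only the entry's dn: and cn: lines; definitions stay untouched.
    out="$dest/cn={$idx}$name.ldif"
    ( umask 077
      sed -e "s/^dn: cn=.*/dn: cn={$idx}$name/" \
          -e "s/^cn: .*/cn: {$idx}$name/" "$src" > "$out" ) || return 1
    chmod 600 "$out"   # same mode the article sets on the nis file
    printf '%s\n' "$out"
}

# Constructed sample (not real slaptest output) to exercise the function.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'dn: cn={3}samba' 'objectClass: olcSchemaConfig' \
        'cn: {3}samba' "olcAttributeTypes: {0}( 1.1.1 NAME 'exampleAttr' )" \
        > "$tmp/cn={3}samba.ldif"
    renumber_schema "$tmp/cn={3}samba.ldif" 11 "$tmp" >/dev/null &&
        cat "$tmp/cn={11}samba.ldif"
    rc=$?; rm -rf "$tmp"; return $rc
}
demo
```

Run it as the zimbra user while LDAP is stopped, with DEST_DIR set to the cn=schema directory shown earlier.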


Verified Against: Zimbra Collaboration Server 8.0, 7.0 Date Created: 5/26/2009
Article ID: Date Modified: 2015-07-12
