Modifying AD Schema - LDIF File Question
Hi,
I have successfully extended AD schema to support Macs on a vanilla lab domain. I've used AD Schema Analyzer to create the LDIF file. My question is:
Can I use the same LDIF file (created from the vanilla lab domain) to extend/modify the production domain? Or is the LDIF file custom to each domain, so that I would have to create a new LDIF file for the production domain?
If I can use the same LDIF file created from the vanilla lab domain, why doesn't Apple just provide us with the LDIF file to import on the domain controller?
Any assistance or advice will be very much appreciated!
Thank you.
Since potentially each AD installation might have a different schema (stock schemas modified) it could be different.
Similar Messages
-
Modify schema using ldif file and ldapmodify
Suppose I want to create a new attribute and add it to a previously created object class, using an ldif file and ldapmodify.
It seems that my only option is an ldif file that looks like this:
dn:cn=schema
changetype: modify
replace: objectclasses
objectclasses: (...........MAY 'new attribute'...)
This means that the author of the ldif file has to have prior knowledge of the schema, presumably by doing an ldapsearch.
Am I missing anything?
Basically there is a requirement here that developers be able to modify ldap schema on the test server by themselves. (without asking the ldap admin to do so). They currently can add fields to an SQL database with SQL tools so they want to do the same to LDAP.
Any ideas?
That is correct, you'll have to add the attribute and then replace the objectclass. However, you may have to disable schema checking to modify the objectclass.
Someone pointed out in another thread, you can give write access to the schema and config to another user via ACIs.
Another thing to keep in mind, adding attributes/objectclasses via ldapmodify will put everything in 99user.ldif. This could get messy if you need to upgrade or rebuild an instance. I recommend creating a 98myapp.ldif (or whatever you want) and putting your application specific objectclasses/attributes in there. This will require stopping/starting the server, but it will give you a good handle on what's been changed. In fact, you could require the developers to keep this file in RCS (or other version control) and then you could have a nice history of changes and the ability to go back if necessary.
HTH,
Roger S. -
Hi
I need to extend the schema for iPlanet Dir. 5.0 and I do not want to do so from the console. As per the documentation, I need to either add entries in the 99user.ldif file or define my own custom [00-99]myname.ldif file. I tried this but it's not working.
I have made the assumption that there is no explicit import step for the 'user defined' schema files (as it is for user data ldif files). I assume that on start (or on opening the console), I'd be able to see the new schema after the server has read the schema file.
I have verified that entering new objectclasses and attributes from the console adds entries into the 99user.ldif file. So why is the reverse process not working? Can anybody throw some light on this? Also in case my assumptions are faulty, please let me know.
I did not change the aci entries in the existing ldif file. Is any modification needed there? I was logged in as the Directory Manager during this testing process.
regards
Sikka
Hi Sikka,
The server reads its schema configuration on startup. If you manually modify the schema files while the server is running, it will not have any effect. You have to restart the server.
The console adds the new schema elements over LDAP (you could do that as well, you only have to modify the cn=schema entry), so the server is aware of the changes immediately and thus restarting is not needed.
I hope this helps.
Bertold -
How do I add an objectclass to existing LDAP server entry using an ldif file?
I am trying to fix an LDAP server that has been operating with schema check off. I need to add an objectclass to the groups so that some attributes that have been added to the groups will be "legal." From the documentation, the changetype: modify will allow the changing/adding of attributes that are already a part of the schema objects that define the entry. It does not look like I can add an objectclass with the modify operation.
If this is the case, then how do I add an objectclass to an existing entry? Using the GUI is not possible since the directory server in question is not being managed with an admin server. Please tell me that I do not have to delete the groups and import them again with an LDIF file that has the new objectclass added.
Kent
See this post:
http://softwareforum.sun.com/servlet/ProcessRequest?RHIVEID=181&RPAGEID=135&HOID=50B500000008000000636B0000&USEARCHCONTEXT_CATEGORY_0=_21_%24_7_&USEARCHCONTEXT_CATEGORY_S=0&UCATEGORY_0=_21_%24_7_&UCATEGORY_S=0 -
Custom schema separate file.
Goal: To keep custom schema separate from schema patching that takes place in 99user.ldif ( JES patches often update schema here ).
I've created a separate file, put the custom schema into it, stopped and started LDAP. The error log is giving me the following warning message:
WARNING<4154> - DN - conn=-1 op=-1 msgId=-1 - DN Normalize Lazy normalization of schema
Is there some sort of criteria my file is missing? File is owned by Directory Server user and group and has the same permissions as the other schema files. It contains the following elements / format:
dn: schema
objectclass: top
objectclass: ldapSubentry
objectclass: subschema
attributeTypes:
objectClasses:
Additional question:
Does the 99user.ldif file have to be the last file to be loaded into the schema or could you have something like 99www.ldif?
I found the fix. I was missing the "cn=" in the DN. For some reason every time I looked at it I just didn't see it was missing. TGIF.
-
DS6 dse.ldif file keeps getting deleted
I am running Directory Server 6.3 on Solaris 10 U7. Last night I applied various system patches - none of them appear to be related to ldap or the directory server. Sometimes when I shut down, something seems to crash and the system does a system dump. When I restart, the directory fails to start. The log shows
Configuration error The default password storage scheme SSHA could not be read
or was not found in the file /opt/ldap/slapd-server1/config/dse.ldif. It is mandatory.
the dse.ldif file is blank. Fortunately the dse.ldif.startOK is OK. It looks like it had been created or modified during a clean shutdown yesterday evening.
Any thoughts?
thanks
Hi
I have about 5 GB free on the rpool volume (i.e. /, /opt etc.)
During the patching process (along with trying to get a tape drive working) I rebooted about 3-4 times. At least twice, it looked like something panicked/crashed/dumped. My guess is that the directory server deleted the existing dse.ldif file, there was a system error, then directory server could not write the new file. It seems odd that at least twice the crash occurred immediately after the file was deleted. Would directory server crash if it can't write files? Server shutdown might take 5 min while various services are closed.
When I stop the ds-myinstance svc with "svcadm" (without rebooting) it looks like it does update dse.ldif (at least the time stamp), and creates a dse.ldif.bak file. On restarting the service cleanly, the dse.ldif.StartOK file is updated. So it looks like directory server itself is OK but either can't write files because of some other, system-related shutdown issue..
What I may need to try is stopping directory server then shutting down the system and seeing if I get panic/coredumps/file syncs.
Thanks -
Problems publishing a web-access on Sharepoint: Error when modifying list schemes
Good afternoon.
I have an application built with an access database with several forms and web macros which is published on Sharepoint 2010. Through this application - not too big not too complex (ca. 10 tables / less than 2000 records at most) - I receive updates that are loaded into external applications, mainly excel worksheets, ms project files and so on.
I have been going through the cycle of developing and publishing new versions of the application on the same site for more than a year; suddenly, from several weeks ago on, I started receiving the following error affecting random tables (not always the same) which crashes the compilation and publishing:
"Error when modifying lists schemes. Changing name to "ID" field on list XXXX failed"
And each time the list is different. And of course I am not trying at all to change the name of any ID field!?
Any clue of what might be happening?
Thank you
The article might have missed the step where the blogger might have missed the step. Read the following article, which confirms that you cannot use user controls in SB solutions.
http://msdn.microsoft.com/en-us/library/gg615454.aspx
If you are trying to build this in SharePoint 2013 then you must know that custom code is deprecated from SB solutions.
Deprecation of Custom Code in Sandboxed Solutions
For SP 2013 your best bet is to create an APP or create a farm solution (God please forgive me). :)
Amit -
How to create an new administrator with ldif files
I need another administrator as orcladmin for create an new tree in OID 11g which groups and right must this administrator have?
Although you can create a superuser account that is able to manage entries, it won't be able to do so using ODSM until 11g Patchset 4.
What this means is that you may use ldapbind/ldapmodify/ldapadd/ldapdelete commands with this new user to do the same operations that you would normally only do using the superuser, but that until a future patchset (currently slated for 11g patchset 4), this user will not be able to login to ODSM.
Attempts to login to ODSM as this new user will fail with:
Error:
ODSM allows only super user to connect to OID.
Connected user is not a super user.
Identify the groups that the superuser is in, as follows:
ldapsearch -p <OID_port> -h <OID_host> -D "cn=orcladmin" -w <pwd> -b "" -s sub "uniquemember=cn=orcladmin" dn
Create a new user entry, to be used as the second superuser.
Add this user as a uniquemember to all the same groups returned in. This can either be done manually, or via the ldapmodify/ldapadd command with an LDIF file with the following syntax:
newadmin.ldif
dn: cn=odisgroup,cn=odi,cn=oracle internet directory
changetype: modify
add: uniquemember
uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com

dn: cn=Provisioning Admins,cn=changelog subscriber,cn=oracle internet directory
changetype: modify
add: uniquemember
uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com

ldapadd -p <OID_port> -h <OID_host> -D "cn=orcladmin" -w <pwd> -f newadmin.ldif
Thanks,
ABP -
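A review check for change files like the newadmin.ldif in the answer above, added here as an example (it is not part of the original post or of Oracle's tooling): it parses LDIF records and lists every group membership a file would grant, so additions to superuser groups can be compared against an approved list before the file is applied. The function names, the approved list and the third sample record are assumptions made for this example.

```python
import base64

MEMBER_ATTRS = {"uniquemember", "member"}  # group membership attributes to watch

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_line(line):
    """Split 'attr: value' or 'attr:: base64' into (lowercased attr, value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.strip().lower(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr.strip().lower(), rest.strip()

def records(text):
    """Yield one list of (attr, value) pairs per record."""
    current = []
    for line in (l.strip() for l in unfold(text)):
        if line.startswith("#"):
            continue
        # A blank line ends a record; a 'dn:' line also starts a new one, so a
        # listing that lost its blank separators is still split correctly.
        if (not line or line.lower().startswith("dn:")) and current:
            yield current
            current = []
        if line:
            current.append(("-", "") if line == "-" else parse_line(line))
    if current:
        yield current

def membership_grants(text):
    """Return (group_dn, member_dn) for each membership value a record adds."""
    grants = []
    for rec in records(text):
        dn, changetype, op_attr = None, "add", None  # no changetype means an add
        for attr, value in rec:
            if attr == "dn":
                dn = value
            elif attr == "changetype":
                changetype = value.lower()
            elif attr == "-":
                op_attr = None
            elif changetype == "modify" and attr in ("add", "replace", "delete"):
                # mod-spec line such as 'add: uniquemember'; a delete grants nothing
                op_attr = None if attr == "delete" else value.lower()
            elif attr in MEMBER_ATTRS and (changetype == "add" or op_attr == attr):
                grants.append((dn, value))
    return grants

def unexpected(grants, approved):
    """Grants whose member DN is not approved (case and comma spacing ignored)."""
    norm = lambda dn: ",".join(p.strip() for p in dn.lower().split(","))
    allowed = {norm(dn) for dn in approved}
    return [g for g in grants if norm(g[1]) not in allowed]

# Records 1-2 are the post's newadmin.ldif, here with no blank line between them
# to exercise the 'dn:' split; record 3 is constructed and uses a folded line.
SAMPLE = """\
dn: cn=odisgroup,cn=odi,cn=oracle internet directory
changetype: modify
add: uniquemember
uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com
dn: cn=Provisioning Admins,cn=changelog subscriber,cn=oracle internet directory
changetype: modify
add: uniquemember
uniquemember: cn=myadmin,cn=users,dc=myorg,dc=com

dn: cn=odisgroup,cn=odi,cn=oracle internet directory
changetype: modify
add: uniquemember
uniquemember: cn=tempuser,
 cn=users,dc=myorg,dc=com
"""
```

Calling `unexpected(membership_grants(SAMPLE), {"cn=myadmin,cn=users,dc=myorg,dc=com"})` returns only the constructed `cn=tempuser` grant, which is the entry a reviewer would question.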
How can i separate the ldif file.
Hi,!!
I have a some question.
I was backup db use "db2ldif"
but ldif file size is so big..(about 1.8GB)
So i can't import the file because take a long time.
I want to get the separated ldif file when i use "db2ldif" ,
How can i do.???
1) Why is 1.8 GB too big? Solaris 8 has large file support.
2) Did you use ldif2db to import the file? How long did it take?
3) How do you want it separated? By file size?
Please correct me if I'm wrong, but it sounds like you want to be able to do db2ldif -SIZE, which would create many LDIF files with a maximum size of SIZE. Then you want to be able to import them all e.g.
cat ldif1 ldif2 ... ldifN | ldif2db -s mysuffix -i -
This would "solve" problem 1) (although it shouldn't be a problem). But this would not solve problem 2) because it would still take just as long.
I'm not sure what your real problem is, if any. -
IS BT CLOUD ALTERING THE "MODIFIED DATE" ON MY FIL...
Hi
I have BT Cloud 2GB Free running as both the downloaded "auto sync" software and also using the Chrome Browser Interface. I am on Windows XP.
I only use Cloud to backup word / excel documents and family photos - basic things I just don't want to risk losing.
I recently noticed something odd, when I sorted my BT Cloud View by "Date Modified" about twenty very 'old' files suddenly appeared at the top of the view - files I hadn't used in about 5 or 6 years.
I definitely had not accessed these files yet when I went to look at them in "My Computer" and clicked on "Properties" I could see that the "Modified Date" had changed. In fact it seems that about a dozen or so files had been "modified" over night while my PC was left on in the next room. No other dates had changed on the files - it did not look like they had been "Re-Saved" I don't think since the original author had not changed.
I started to monitor this and noticed about half a dozen files having their "modified dates" changed every day for the last three or four days. It's only Documents (Word Powerpoint Excel Text etc) that are being modified.
And here's the thing - I ran a search on my computer of files modified in the last week and the only ones where I could not explain the change were files that are being backed up by "BT CLOUD" so it's slightly possible there is a link. Of course this could be coincidence but I thought this might be a good initial avenue to explore since without BT Cloud's interface view of my files I would never have even noticed the problem in the first place.
I'm pretty sure it's not a Virus - I run my own Scanner every few days, it's always up to date and I have Real Time Scanning enabled. I also ran a couple of online scans last night (Norton etc) and they found nothing.
It's a recent development because I use Cloud every week and would have noticed before if things were changing.
So a couple of questions really:
Firstly has anyone else experienced this problem - I read somewhere that Some Virus Scanners can alter the Modified Date on your files unintentionally but the MS hotfix says this only happens in Vista/Win 7 I think and I am on XP. Could it be that when BT Cloud Scans the file it affects its modified date on your PC ?
Secondly Could anyone else access my files in BT Cloud and modify them, and if so would that change to the 'online file' be represented back on my own PC when I "Synced" my backup
Many thanks in advance for any help anyone can offer.
I assume your raws are in DNG format? If xmp is in sidecar, it won't change raw file date.
Anyway, saving xmp does not change any dates in Lightroom, so you should still be able to sort by edit time or capture time...
But if you want control, you have to save manually instead of automatically.
Two things that might help:
1. Filter based on metadata status.
2. robcole.com - DNGPreviewUpdater
Rob -
Hi,
I'm exporting a .ldif file from sun ds 5.2 to import it to sun ds 6.3. I have to make some changes in the .ldif file after exporting it.
in 5.2, dc=example,dc=com
in 6.3 dc=misc,dc=example,dc=com (adding dc=misc. can this be correct)
The following is the code. could you tell me what additions I have to make before importing it.
Also, is there any error in the following commands
./dsconf create-suffix -h localhost -p 8389 dc=misc,dc=example,dc=com
./dsconf import -h localhost -p 8389 /export/home/user/Example.ldif dc=misc,dc=example,dc=com
Example.ldif file is the exported file.
dn: dc=misc,dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=abc,dc=misc,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: abc
dn: cn=abc_users,dc=misc,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: abc_users
description: abc Users at example
uniqueMember: uid=abc_user,ou=abc,dc=misc,dc=example,dc=com
dn: uid=abc_user,ou=abc,dc=misc,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: abc-user
sn: client
cn: abc-user client
uid: abc_user
userPassword: {SSHA}lksd;koqoqpowk&iqdnl
I exported ldif through softerra LDAP administrator. How do I export to ldif in sun ds 5.2 from the command line.
These are the commands I have used to import ldif file.
creating suffix, already created suffix, and overwriting it.
./dsconf create-suffix -h 1192.169.2.100 -p 8389 dc=misc,dc=example,dc=com
Enter "cn=Directory Manager" password:
"dc=misc,dc=example,dc=com": suffix already exists.
The "create-suffix" operation failed on "192.169.2.100:8389".
./dsconf import -h 192.169.2.100 -p 8389 /export/home/user/example.ldif dc=misc,dc=example,dc=com
Enter "cn=Directory Manager" password:
New data will override existing data of the suffix "dc=misc,dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ? y
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "/export/home/user/example.ldif"
## WARNING: skipping entry "dc=misc,dc=example,dc=com" which violates schema, ending line 5 of file "/export/home/user/example.ldif"
## Finished scanning file "/export/home/user/example.ldif" (3 entries)
## WARNING: Skipping entry "ou=abc,dc=misc,dc=example,dc=com" which has no parent, ending at line 10 of file "/export/home/user/example.ldif"
## WARNING: Skipping entry "cn=abc_users,dc=misc,dc=example,dc=com" which has no parent, ending at line 17 of file "/export/home/user/example.ldif"
## WARNING: Skipping entry "uid=abc_user,ou=abc,dc=misc,dc=example,dc=com" which has no parent, ending at line 27 of file "/export/home/user/example.ldif"
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation. This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 3 entries (4 were skipped) in 3 seconds. (1.00 entries/sec)
Can I export from sun ds 5.2 and import to sun ds 6.3 using commands
how do I do that
Please help me
thanks,
Charan -
Unable to upload the updated/modified Report template (rtf file) in siebel
Hi,
I am unable to upload the updated/modified Report template (rtf file) if already exists in the local database.
Initially I have uploaded a rtf template, generated xliff, registered it and can view the report from the registered view. Later I have made few changes to the rtf template, in the reports template view, I have uploaded this. When i run the report in the registered view, I am able to see the earlier version and it doesnt show me the updated changes.
I am using 8.1.1.3 siebel and BIP 10.1.3.3.1 on local.
Looking at the metalink found "How To Upload Modified RTF Template Files In The Siebel Application For BI Publisher Reporting [ID 1136418.1]" which is related to server but I am working on local database
Please find attached the template, xml file. can you please look into this and update me ASAP
Thanks,
RV
Hi,
Not able to find Report - Standard templates or Report - Custom templates view in Administration - BIP reports in Siebel 8.1.1.3?
We have applied 8.1.1.3 patch on 8.1.1.0
below are the steps followed
Reports are not generated after 8.1.1.3 patch installation.
we have also followed to below steps mentioned for this issue in oracle support.
"In order to resolve this behavior it is necessary to ensure that the 8.1.1.3 FixPack has been applied to the Siebel Tools installation. This will provide an additional .zip file in the REPPATCH folder of the Siebel Tools installation. Once this has been done please then follow the configuration steps as documented :
change sysprefix to X_ before sif import and change back to SBL_ after sif import.
1) Import the sif files from Siebel\8.1\Tools_1\REPPATCH\12-1VMBCSV.zip
2) Import the 4 SIF files in the following order:
S_XMLP_REP_TMPL_02112010.sif
SBL_XMLP_REPORT_SELECTION_FLG.sif
Report Template BC.sif
Report Template Registration Applet.sif
3)Apply the DDL for table S_XMLP_REP_TMPL and compile repository
Once the above steps have been completed the Selected Record flag will appear in the Report Template Registration views."
We are still not able to generate reports even after following the above steps.
Thanks
Sean -
How to create custom attributes & object classes through ldif files in OID
Hi,
I have to create 4 attributes and one object class (custom) in OID. I want to create these attributes and object class through LDIF file.
I tried creating an attribute through this command
ldapadd -p 389 -h localhost -D cn=orcladmin -w password -f D:/newattr.ldif
this ldif file contains inf. for creating a new attributes:
dn: cn=subschemasubentry
changetype: add
add: attributetypes
attributetypes: ( 1.2.3.4.5.6.10 NAME "xsUserType_new" DESC "User Type Definition" EQUALITY caseIgnoreMatch
SYNTAX "1.3.6.1.4.1.1466.115.121.1.15" )
I am getting error: Object class violation
Failed to find add in mandatory or optional attribute list.
Please help to find where I am going wrong...
Thanks.
Hi Ajay,
Thank you for the help. Now I am able to create both attributes and object classes in OID through LDIF files.
I was getting constraint violation error because (I think) I was not giving proper naming convention for attributes and object classes. For OID, there are certain LDAP naming conventions. They are as follows:
# X below is the enterprise number assigned by IANA
1.3.6.1.4.1.X.1 - assign to SNMP objects
1.3.6.1.4.1.X.2 - assign to LDAP objects
1.3.6.1.4.1.X.2.1 - assign to LDAP syntaxes
1.3.6.1.4.1.X.2.2 - assign to LDAP matchingrules
1.3.6.1.4.1.X.2.3 - assign to LDAP attributes
1.3.6.1.4.1.X.2.4 - assign to LDAP objectclasses
1.3.6.1.4.1.X.2.5 - assign to LDAP supported features
1.3.6.1.4.1.X.2.9 - assign to LDAP protocol mechanisms
1.3.6.1.4.1.X.2.10 - assign to LDAP controls
1.3.6.1.4.1.X.2.11 - assign to LDAP extended operations
By using these conventions for attributes and object class, I did not get any error and they were created in OID.
Thanks a zillion.
Kalpana. -
How to modify an existing xml file from java code.
Hi
I have worked on creating a new xml file from java code using xmlbeans.But if i try to modify an already existing file using java code I am unable to get errorfree xmlfile.
For example if xml file(studlist.xml) is as below:
<?xml version="1.0" encoding="UTF-8"?>
<StudentList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="D:\kchaitanya\xmlprac1\abc\Studlist.xsd">
<Student>
<Name>ram</Name>
<Age>27</Age>
</Student>
<Student>
<Name>sham</Name>
<Age>26</Age>
</Student>
</StudentList>
Now suppose i have set name to victor using student.setName,
and set age to 20 using setAge from javacode,
the new xml file is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<StudentList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="D:\kchaitanya\xmlprac1\abc\Studlist.xsd">
<Student>
<Name>ram</Name>
<Age>27</Age>
</Student>
<Student>
<Name>sham</Name>
<Age>26</Age>
</Student>
</StudentList>
<Student>
<Name>victor</Name>
<Age>20</Age>
</Student>
As observed this is not a valid xml file. But how can I modify without any errors?
I know it's an old post, but I found this while doing a google search for something else, and don't like to leave it unanswered.
Just in case anyone has a similar problem... In this case the new elements have been appended outside of the root element.
What you need to do is first get the root element and then append the new children to that, there are several ways of getting the root element, which depend on what you want to do with the elements you get back here's a simple (incomplete) way.
// parses the specified file and gets its root element; uses the W3C DOM API
// (javax.xml.parsers.DocumentBuilderFactory, org.w3c.dom.Document, org.w3c.dom.Element)
Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file);
Element rootElement = document.getDocumentElement();
Then just append the new elements as below (this is non-generic code and would need to be modified for your situation)
// write a new student element
Element student = document.createElement("Student"); // creates the new student
rootElement.appendChild(student); // ***appends it to the root element***
Element name = document.createElement("Name"); // creates the name element
name.appendChild(document.createTextNode("Fred")); // adds the name text to the name element
student.appendChild(name); // appends the name to the student
Element age = document.createElement("Age"); // creates the age element
age.appendChild(document.createTextNode("26")); // adds the age text to the age element
student.appendChild(age); // appends the age to the student
Then flush ya buffers or whatever and write the file
Edited by: Dream-Scourge on Apr 23, 2008 11:10 AM -
How to accessed,created and modified date of particular file in java
Hi,
I am facing one problem.
I know how to get the modified date/time of file in java.
but i don't know how to find created and accessed date/time of file in java.
Thanks,
Tejas
I guess that's not possible in Windows.
But if you are trying it on a Unix machine,
you can use the Runtime class to call exec on the command
ls -l filename
and then store the result in a file. And then take out the last modified time. But you can't get the created time.
That's a clumsy way, I believe.