Dynamic schema

You must use the ldap_modify API with a DN of cn=schema to run a dynamic schema change. You can add, delete, or replace only one schema entity at a time, for example an attribute type or an object class.

To delete a schema entity, provide the oid in parentheses:
 ( oid )
You can also provide a full description. In either case, the matching rule that is used to find the schema entity to delete is objectIdentifierFirstComponentMatch.

To add or replace a schema entity, you must provide an LDAP Version 3 definition and you might provide the IBM® definition. In all cases, you must provide only the definition or definitions of the schema entity that you want to affect.

For example, to delete the attribute type cn (its OID is 2.5.4.3), use ldap_modify() with:
LDAPMod attr;
LDAPMod *attrs[] = { &attr, NULL };
char *vals[] = { "( 2.5.4.3 )", NULL };
/* Delete the attributeTypes value whose OID is 2.5.4.3 */
attr.mod_op = LDAP_MOD_DELETE;
attr.mod_type = "attributeTypes";
attr.mod_values = vals;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);
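Because objectIdentifierFirstComponentMatch compares only the first component, the OID alone decides which entity a delete removes. The following added example (not IBM's code) reduces a schema definition to the ( oid ) form and rejects text whose first component is not a dotted-decimal OID; the function names are hypothetical, and the helper only builds the value string without making any LDAP calls.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of the LDAP C API. Copies the numeric OID that
 * opens a schema definition into oid. Returns 0 on success, -1 on bad input. */
int schema_first_component(const char *def, char *oid, size_t oidlen)
{
    size_t n = 0;
    int arcs = 1;
    const char *p;
    while (isspace((unsigned char)*def)) def++;
    if (*def++ != '(') return -1;                       /* must open with '(' */
    while (isspace((unsigned char)*def)) def++;
    while (isdigit((unsigned char)*def) || *def == '.') {
        if (*def == '.') {
            if (n == 0 || oid[n - 1] == '.') return -1; /* leading or doubled dot */
            arcs++;
        }
        if (n + 1 >= oidlen) return -1;                 /* OID does not fit */
        oid[n++] = *def++;
    }
    if (n == 0 || oid[n - 1] == '.' || arcs < 2) return -1;
    oid[n] = '\0';
    if (!isspace((unsigned char)*def) && *def != ')') return -1;
    if ((p = strrchr(def, ')')) == NULL) return -1;     /* definition never closes */
    for (p++; *p; p++)
        if (!isspace((unsigned char)*p)) return -1;     /* text after the final ')' */
    return 0;
}

/* Builds the "( oid )" value for an LDAP_MOD_DELETE on cn=schema. */
int schema_delete_value(const char *def, char *out, size_t outlen)
{
    char oid[128];
    int w;
    if (schema_first_component(def, oid, sizeof oid) != 0) return -1;
    w = snprintf(out, outlen, "( %s )", oid);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    char val[160];
    /* Constructed sample input: the 'bar' definition from the add example. */
    if (schema_delete_value("( 20.20.20 NAME 'bar' SUP NAME )", val, sizeof val) == 0)
        puts(val);
    return 0;
}
```

The resulting string is what would be placed in the vals array of the delete request.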
To add an attribute type bar with OID 20.20.20 that inherits from the attribute name (SUP NAME) and has a length of 20 characters:
char *vals1[] = { "( 20.20.20 NAME 'bar' SUP NAME )", NULL };
char *vals2[] = { "( 20.20.20 LENGTH 20 )", NULL };
LDAPMod attr1;
LDAPMod attr2;
LDAPMod *attrs[] = { &attr1, &attr2, NULL };
/* LDAP Version 3 definition */
attr1.mod_op = LDAP_MOD_ADD;
attr1.mod_type = "attributeTypes";
attr1.mod_values = vals1;
/* IBM definition for the same OID */
attr2.mod_op = LDAP_MOD_ADD;
attr2.mod_type = "IBMattributeTypes";
attr2.mod_values = vals2;
ldap_modify_s(ldap_session_handle, "cn=schema", attrs);
Note: You cannot change the ACCESS-CLASS type to or from system or restricted.
See Working with attributes for examples that use the Web Administration Tool and the idsldapmodify command.

See the Programming Reference section in the IBM Security Verify Directory documentation for more information about the ldap_modify API.