speedy zinc wrote:

>Let's say, my apps have some specific needs for data,
>which is not covered by existing standard schema. So,
>I create extended schema. Let's say I have 3 apps
>right now, and I can't foresee what future apps will
>need in terms of schema definition.
>
>And let's say I've been using the FDS for 2 years, and
>have 20K users. Then I want to add new apps, which
>require to extend schema again. Assuming that I don't
>have to change any existing schema, do I have to
>rebuild the whole ldap directory, or can I just add
>the new schema, and tell the server that the new
>attributes are now allowed in
>inetOrgPerson/Person/posixAccount/etc?

If you are _extending_ your schema, you can add the new schema elements, then populate new and existing entries with the new fields and such. You do not have to rebuild your directory.

If you change the schema such that you remove some attributes, or change their type, etc, things get a little trickier, but in general, you shouldn't need to do this to add support for new apps.

I would recommend strongly against modifying existing objectclasses, especially standardized ones. Instead, create a new objectclass that is inherited from the one you want to extend (or from objectclass top if it's something truly new).

>The important thing is, I don't want to rebuild
>anything, not to interrupt any service.

If you make the changes via console, they should take effect without even having to restart the server. If you edit the schema files by hand, you have to restart the server for it to take effect. Note that if your schema files are not just right, the server may not start.

>I see there are quite a few of Netscape schema, for
>specific apps, such as Collabra Server, etc. How do I
>add app-specific schema like that without rebuilding
>the directory? Or do I have to rebuild it every time a
>new schema is added?

If you add things via console, it adds to 99user.ldif. But... if you want to organize things a bit better, you can create separate files (say, 99appx.ldif for appx specific schema, etc). You can craft these by hand, but it might be easier to create the schema in console on a test server, then copy/paste the appropriate definitions into a new file and drop that onto your production server. You'll need a restart for this to take effect.

Somewhere along the line, schema in 99user.ldif started being replicated to replicas to keep the schema in sync. Not sure if this happened before or after the Sun/Netscape split of the server. Any custom files you create, plus the 99user.ldif (if it's not replicated) will have to be copied to replica servers.

>Please bear with me, I have no real life experience
>with LDAP, just learning here, and throw in the
>questions that I can't figure out from googling :)

Sure - everyone has to start somewhere :)

- Jeff
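
Added example, not part of the original message: a sketch of what a hand-written 99appx.ldif could look like when it follows the advice above, leaving inetOrgPerson untouched and defining a new objectclass that inherits from it. The names appxRole, appxMailQuota and appxPerson are hypothetical, and the OIDs sit under 1.3.6.1.4.1.32473, the enterprise number reserved for documentation, so they must be replaced with OIDs from your own arc.

```ldif
# 99appx.ldif - schema specific to the hypothetical application "appx".
# Each definition is kept on a single line. The OIDs are documentation
# placeholders (1.3.6.1.4.1.32473 is reserved for examples); substitute
# OIDs from an arc assigned to your organisation before deploying.
dn: cn=schema
#
# New attributes needed by appx (hypothetical names).
attributeTypes: ( 1.3.6.1.4.1.32473.1.1.1 NAME 'appxRole' DESC 'Role of the user inside appx' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
attributeTypes: ( 1.3.6.1.4.1.32473.1.1.2 NAME 'appxMailQuota' DESC 'Mail quota for appx in megabytes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
#
# New objectclass that inherits from inetOrgPerson (SUP) instead of
# modifying the standard definition. Both new attributes are optional
# (MAY), so existing entries stay valid and can be populated later.
objectClasses: ( 1.3.6.1.4.1.32473.1.2.1 NAME 'appxPerson' DESC 'inetOrgPerson extended for appx' SUP inetOrgPerson STRUCTURAL MAY ( appxRole $ appxMailQuota ) X-ORIGIN 'user defined' )
```

Loading the file on a test server first shows whether the server still starts with it before it is copied to production and to the replicas.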