[HowTo] Delete custom schema in OpenLDAP 2.4+

After my previous post, “How to add new schema to OpenLDAP 2.4+”, I’m writing a new post to explain how to delete a custom schema in OpenLDAP 2.4+, because it is not really easy and there is little documentation or how-to material on this subject.

Firstly, you must know that it is not possible to delete an entire schema using the normal OLC (cn=config) features. The process must be done manually. Follow these steps:

Get corresponding DN

Firstly, you must find the DN of your schema using this ldapsearch command:

root@ldapserver:# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config config*

dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}nsaproject,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config

According to my previous post, we want to delete cn={4}nsaproject. Keep this name in mind.

Stop the OpenLDAP server

Now we must stop the LDAP server.

root@ldapserver:# /etc/init.d/slapd stop

Back up the important files

Before deleting something, be sure to make a backup of your current stable configuration.

root@ldapserver:# cd /etc/ldap/slapd.d/
root@ldapserver:# mkdir backup
root@ldapserver:# cp cn\=config.ldif backup/
root@ldapserver:# cp -R cn\=config backup/

Delete the schema

From the slapd.d directory, navigate to cn=config/cn=schema. In this directory you will find all the schema LDIF files, including cn={4}nsaproject.ldif. Delete this file and restart the server. Normally, it should start correctly.

root@esisbeosip1test:# cd /etc/ldap/slapd.d/cn\=config/cn\=schema/
root@esisbeosip1test:# rm cn\=\{4\}nsaproject.ldif
root@esisbeosip1test:# /etc/init.d/slapd start

Verification

Now you can verify that the schema has been removed, using the same command as in the first section.

root@ldapserver:# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config config*

dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config

We can see that the schema is no longer present.

One Comment

  1. Excellent. Helped me solve this problem.