After my previous post, “How to add new schema to OpenLDAP 2.4+”, I’m writing this one to explain how to delete a custom schema in OpenLDAP 2.4+, because it is not straightforward and there is little documentation or how-to material on the subject.
First, you should know that it is not possible to delete an entire schema through the normal OLC (cn=config) interface. The removal has to be done by hand on the configuration files. Follow these steps:
Get corresponding DN
First, find the DN of your schema with this ldapsearch command:
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config config*
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}nsaproject,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config
Following my previous post, we want to delete cn={4}nsaproject. Keep this name in mind.
Stop the OpenLDAP server
Now we must stop the LDAP server.
# /etc/init.d/slapd stop
Backing up the important files
Before deleting anything, make a backup of your current, working configuration.
# cd /etc/ldap/slapd.d/
# mkdir backup
# cp cn\=config.ldif backup/
# cp -R cn\=config backup/
Delete the schema
From the slapd.d directory, navigate to cn=config/cn=schema. This directory holds one LDIF file per loaded schema, including cn={4}nsaproject.ldif. Delete that file and restart the server; it should start normally.
# cd /etc/ldap/slapd.d/cn\=config/cn\=schema/
# rm cn\=\{4\}nsaproject.ldif
# /etc/init.d/slapd start
Verification
Now you can verify that the schema has been removed, using the same command as in the first step.
# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config config*
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config
We can see that the schema is no longer present.
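As an added example (not the post's own commands), the backup-and-delete steps above as one POSIX shell function that checks the schema file before removing it. It assumes the Debian slapd.d layout used in the post and demonstrates on a constructed temporary tree, so it never touches /etc/ldap.

```shell
#!/bin/sh
# Added example, not from the original post: locate, back up and delete one
# schema file under slapd.d with the checks an operator would otherwise make by
# hand. Assumes the Debian layout /etc/ldap/slapd.d from the post; slapd must be
# stopped before this runs against a real tree.
set -eu

# remove_schema SLAPD_D NAME: finds cn={N}NAME.ldif, copies the whole config
# tree to a backup directory (the files the post copies), then removes it.
# Returns 1 if the file is missing or ambiguous, 2 if the LDIF's own "cn:"
# attribute disagrees with its filename.
remove_schema() {
    slapd_d=$1 name=$2
    schema_dir="$slapd_d/cn=config/cn=schema"
    set -- "$schema_dir"/cn=\{*\}"$name".ldif   # glob; braces are literal
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "no unique cn={N}$name.ldif in $schema_dir" >&2
        return 1
    fi
    file=$1
    if ! grep -q "^cn: {[0-9]*}$name\$" "$file"; then
        echo "cn attribute in $file does not match '$name'" >&2
        return 2
    fi
    backup="$slapd_d/backup-$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup"
    cp -p "$slapd_d/cn=config.ldif" "$backup/"
    cp -Rp "$slapd_d/cn=config" "$backup/"
    rm "$file"
    echo "removed $file (backup in $backup)"
}

# make_demo_tree DIR: constructed slapd.d tree mirroring the DNs in the post.
make_demo_tree() {
    dir=$1
    mkdir -p "$dir/cn=config/cn=schema"
    printf 'dn: cn=config\nobjectClass: olcGlobal\ncn: config\n' > "$dir/cn=config.ldif"
    i=0
    for s in core cosine nis inetorgperson nsaproject; do
        printf 'dn: cn={%s}%s\nobjectClass: olcSchemaConfig\ncn: {%s}%s\n' \
            "$i" "$s" "$i" "$s" > "$dir/cn=config/cn=schema/cn={$i}$s.ldif"
        i=$((i + 1))
    done
}

# Stand-alone demo on a throwaway tree; never touches /etc/ldap.
demo=$(mktemp -d)
make_demo_tree "$demo"
remove_schema "$demo" nsaproject
rm -rf "$demo"
```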
Excellent. Helped me solve this problem.