deleting a schema in LDAP (LDAP)

This document (7003257) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11

Situation

It is possible to add a schema via yast to the ldap server. But it is not possible to delete this schema again via the same mechanism.

Resolution

The problem is that once a schema is added it has to be ensured that there are no objects or attributes from this schema in the database before it is deleted again. This makes it necessary for the LDAP Admin to remove all entries to this schema before the deletion and that's why there is not automatic delete and
   ldapdelete
does not work either.

To delete the schema the objects and attributes from this schema have to be removed from the database first. Then the ldap server is stopped
   rcldap stop
then the not needed schema deleted from
   /etc/openldap/slapd.d/cn=config/cn=schema/
and then the ldap server started again
   rcldap start

It is not a trvial operation to remove a schema from LDAP and it does not work with the core schemas. SUSE takes no responsibility for any damage you do to your LDAP database if you follow this approach.

The core schemas that should NOT be deleted are
   cn={0}core.ldif
   cn={1}cosine.ldif
   cn={2}inetorgperson.ldif
   cn={3}rfc2307bis.ldif
   cn={4}yast.ldif

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.