Can LDAP Schema be changed at runtime?
https://stackoverflow.com/questions/10516340
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Because schema, object class definitions, etc. are DirContexts in JNDI, the API allows changing them at runtime (adding new attributes, removing them, etc.). Is this supported, or does this depend on repository implementation? In particular, is this supported by LDAP repositories? If it depends on implementation, I am interested in ApacheDS and OpenDJ.
Solution
The schema might be mutable: whether or not an LDAP client can change the schema depends on whether the directory administrators allow changes to subschema entries. In some servers, but not all, the location of the schema is listed in the root DSE.
Generally, the schema must be readable since LDAP clients require access to matching rules, ordering rules, and attribute syntaxes to perform comparisons of attribute values (language-native comparisons should be avoided and matching rules should be preferred), but whether the schema is mutable depends on whether the administrators allow it for clients.
see also
- LDAP: The Root DSE for more information about the root DSE
OTHER TIPS
Some servers, like OpenDJ, Sun Directory Server..., allows you to dynamically modify the server's schema (provided you have proper permissions), but it is highly recommended that you extend the schema and do not make incompatible changes (such as removing objectClass definition that are currently used by entries).
