Update LDAP schema when using dynamic OpenLDAP backend

When running OpenLDAP with the dynamic cn=config backend, you can't update the schema just by dropping the new file into the schema directory. The steps below show how to update an LDAP schema.

Add the new LDAP schema file to the schema directory /etc/openldap/schema

Create the file schema_convert.conf and add the following lines:

include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
include         /etc/openldap/schema/zarafa.schema

Create a directory /tmp/ldif_output

mkdir /tmp/ldif_output

Create the LDIF files for the schemas with the slaptest command

slaptest -f schema_convert.conf -F /tmp/ldif_output

As you can't do an online update of the full schema, the best approach is to stop the slapd service and replace the LDIF file.

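service slapd stop
mv /etc/openldap/slapd.d/cn\=config/cn\=schema/cn\=\{12\}zarafa.ldif /root
# slaptest numbers the schemas from 0 in include order; zarafa.schema is the 13th include above, so the generated file is cn={12}zarafa.ldif
mv /tmp/ldif_output/cn\=config/cn\=schema/cn\=\{12\}zarafa.ldif /etc/openldap/slapd.d/cn\=config/cn\=schema/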

Before the LDAP service can be started again, make sure the permissions are correct.

chown ldap:ldap /etc/openldap/slapd.d/cn\=config/cn\=schema/*
service slapd start

If everything is done correctly, the new attributes in the schema can be used.
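
The replace step above depends on the {N} index in the file name, which follows the include order in schema_convert.conf. The following is an added example, not part of the original procedure: two hypothetical shell helpers (find_schema_ldif and replace_schema_ldif are names chosen here) that locate the LDIF by schema name, refuse to continue when the generated index differs from the live one, and keep a backup. Run them as root with slapd stopped.

```sh
# find_schema_ldif DIR NAME
# Prints the path of the single cn={N}NAME.ldif file in DIR.
# Fails when there is no match or more than one.
find_schema_ldif() {
    fs_count=0
    fs_hit=
    for fs_f in "$1"/'cn={'*'}'"$2.ldif"; do
        [ -f "$fs_f" ] || continue      # unmatched glob stays literal
        fs_count=$((fs_count + 1))
        fs_hit=$fs_f
    done
    if [ "$fs_count" -ne 1 ]; then
        echo "expected one cn={N}$2.ldif in $1, found $fs_count" >&2
        return 1
    fi
    printf '%s\n' "$fs_hit"
}

# replace_schema_ldif NEW_DIR LIVE_DIR NAME BACKUP_DIR
# NEW_DIR  = cn=schema directory written by slaptest
# LIVE_DIR = cn=schema directory under slapd.d
replace_schema_ldif() {
    rs_new=$(find_schema_ldif "$1" "$3") || return 1
    rs_live=$(find_schema_ldif "$2" "$3") || return 1
    # The file name and the dn inside the file both carry the index,
    # so a file generated at another position must not be dropped in.
    if [ "${rs_new##*/}" != "${rs_live##*/}" ]; then
        echo "index differs: ${rs_new##*/} vs ${rs_live##*/};" \
             "reorder the includes in schema_convert.conf" >&2
        return 1
    fi
    cp -p "$rs_live" "$4/" || return 1   # keep the old schema as backup
    # Overwriting in place keeps the live file's owner and mode.
    cp "$rs_new" "$rs_live" || return 1
}

# Usage with the paths from this page:
# replace_schema_ldif /tmp/ldif_output/cn=config/cn=schema \
#     /etc/openldap/slapd.d/cn=config/cn=schema zarafa /root
```

The chown step from the procedure is still worth running afterwards, since it also covers any other files in the directory.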