Updating LDAP schema

If changes to the LDAP schema were delivered with the release you just installed, this procedure ensures that your LDAP schema is in the correct format.

Note: This procedure should be performed by an LDAP administrator who is familiar with the ldifgen utility.
Note: See the release notes for more information on when to perform this procedure.

Depending on the releases you are installing from and to, it is possible that no schema changes have been made and, therefore, your system does not need updating. There is no harm in running these commands even if the schema is already up-to-date.

For more information, see "Running the ldifgen Utility" in the Resources and Security Administration Guide.

  1. Generate an LDIF file. At the command line, type either of the following commands:

    ldifgen updateschema -D binddn -H URL -h host -p port -w LDAPpasswd -f outputfile -r reorgfile [-vZ]

    OR

    ldifgen updateschema -D binddn -H URL -w LDAPpasswd -f outputfile -r reorgfile [-vZ]

    Take the following values from install.cfg:

    • binddn is LDAPBINDDN
    • URL is the LDAP_PROVIDER_URL
    • host is LDAPHOST
    • port is LDAPPORT
  2. Run one of the following commands.

    For IBM Directory Server: If your LDAP instance is installed on IBM Directory Server, use ldapmodify as shown below:

    ldapmodify -D AdministratorDN -w AdminPassword -p LDAPPort -h LDAPServerName -f <input-ldif-file> -v

    Where:

    • AdministratorDN is the DN of your LDAP administrator.
    • LDAPServerName is the machine name or IP address of the machine where the LDAP server is installed.
    • LDAPPort is the listening port of the LDAP instance into which you will load the file.
    • AdminPassword is the administrator password for your LDAP.
    • input-ldif-file is the LDIF file that resulted from step 1.

    For ADAM/AD LDS: If your LDAP instance is installed on ADAM or AD LDS, use ldifde as shown below:

    ldifde -b <AdministratorDN> <LDAPWindowsDomain> * -s <LDAPServerName> -t <LDAPPort> -i -f <input-ldif-file> -v

    Where:

    • AdministratorDN is the DN of your LDAP administrator.
    • LDAPWindowsDomain is the domain for the LDAP administrator.
    • The asterisk (*) in the password position makes ldifde prompt for the administrator password.
    • LDAPServerName is the machine name or IP address of the machine where the LDAP server is installed.
    • LDAPPort is the listening port of the LDAP instance into which you will load the file.
    • input-ldif-file is the LDIF file that resulted from step 1.
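
Before loading the file from step 1 into the directory in step 2, it is worth reviewing which entries it changes and how. The following is an added example, not part of the product documentation or the ldifgen utility: a Python summary of LDIF change records, assuming the generated file is standard LDIF (RFC 2849); the sample input, its DNs and attribute names are constructed.

```python
import base64

# Constructed sample for illustration; not real ldifgen output.
SAMPLE_LDIF = """# constructed; names and OIDs are hypothetical
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.32473.1.1 NAME 'exampleRole'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.32473.2.1 NAME 'exampleUser' SUP top )

dn:: Y249b2xk
changetype: delete
"""

def unfold(text):
    """Join RFC 2849 folded lines (newline + one space), then drop comment lines."""
    joined = text.replace("\r\n", "\n").replace("\n ", "")
    return [l for l in joined.splitlines() if not l.startswith("#")]

def parse_line(line):
    """Split 'attr: value' or 'attr:: base64' into (lowercased attr, decoded value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
    return attr.strip().lower(), rest.strip()

def summarize(text):
    """Return one dict per record: dn, changetype, and the modify operations."""
    records, at_op = [], False
    for line in unfold(text):
        attr, value = parse_line(line)
        if attr == "dn":
            records.append({"dn": value, "changetype": "(none)", "ops": []})
        elif not records or not line.strip():
            continue
        elif line.strip() == "-":          # separator between modify operations
            at_op = True
        elif attr == "changetype":
            records[-1]["changetype"], at_op = value.lower(), True
        elif at_op and records[-1]["changetype"] == "modify":
            records[-1]["ops"].append((attr, value.lower()))
            at_op = False
    return records

def needs_review(records):
    """DNs of records that remove or overwrite data (deletes, renames, delete/replace ops)."""
    return [r["dn"] for r in records if r["changetype"] in ("delete", "modrdn", "moddn")
            or any(op in ("delete", "replace") for op, _ in r["ops"])]
```

To use it on a real file, pass the contents of the file written with `-f outputfile` to `summarize()` and inspect the result of `needs_review()` before running step 2.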