Unable to remove attributes from an Auxillary Class or change OIDs.

  • Document ID:3220775
  • Creation Date:08-Nov-2007
  • Modified Date:26-Apr-2012
    • Micro Focus Products:
      eDirectory

Environment

Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8.2 for All Platforms
Novell iManager 2.7
Novell ConsoleOne 1.36h

Situation

Neither iManager nor ConsoleOne will allow an attribute to be removed from an Auxiliary Class.
Syntax error ( -21 ) trying to modify an object class' optionals or trying to change its OID.
Running a sch file to change an object class' OID is not successful.

Resolution

Below is an example of how to remove an attribute from an Aux Class via LDAP.

This example assumes the following:
- Two attributes were created in the tree: newattr1 and newattr2.
- An Auxiliary Class was created called MyObjectClass.
- The attribute, newattr2, is no longer needed and we wish to delete it from the tree.

1. Export out the information on the object class from which the attribute is to be deleted.
Run the following command:

ldapsearch -x -h hvserver.provo.novell.com -D 'cn=admin,o=novell' -w novell -b 'cn=schema' -s base 'objectclass=subschema' | grep MyObjectClass

This will return something like: objectClasses: (2.1.5.5.5 NAME 'MyObjectClass' AUXILIARY MAY (attr1 attr2)). Make note of the OID number and optionals.

2. Create an LDIF file and run the LDAP command to remove the uneeded attribute.
Now we have to run an LDAP command to redefine the optionals on the objectclass minus the one we no longer need.
Create an LDAP file for this named attr.ldif containing the text below:

dn: cn=schema
changetype: modify
delete: objectclasses
objectClasses:(2.1.5.5.5)
-
add: objectclasses
objectClasses: (2.1.5.5.5 NAME 'MyObjectClass' MAY (attr1) X-NDS_NOT_CONTAINER '1')


Once saved we need to run an LDAP command to modify shema referencing the LDIF file just created:

ldapmodify -x -h hvserver.provo.novell.com -D"cn=admin,o=emg" -w novell -f attr.ldif

If you get a return saying "modifying entry"cn=schema", it worked. If using C1 you will have to click on the refresh icon to see the change.

3. If desired you may now delete the attribute altogether using either LDAP or your management utility of choice.

NOTE: The ldapmodify operation will return a syntax error ( -21 ) if the Aux Class was initially created without specifying a OID (ANS1 Name).

When an OID is not specified a "temporary OID" is assigned to the object class. Therefore, if the object class name = NewAuxClass2 then the OID assigned is newauxclass2-oid. Running the command:

ldapsearch -x -h hvserver.provo.novell.com -D "cn=admin,o=novell" -w novell -b"cn=schema" -s base "objectclass=subschema" | grep NewAuxClass2

will show this. This prevents the modification of the optionals list from occurring and the OID cannot be changed to a permanent OID via LDAP either. It can only be changed via a SCH file import. To make matters even more interesting, neither iManager, C1 nor sch.exe will work - only running NWCONFIG from a NetWare server will work. If there is not a NetWare server in the tree you will need to open a call with Novell Technical Services to resolve the issue.

Below are the steps involved in changing the object class' OID.

1. Create the SCH file:

Open a text editor, add the following lines and save the file as a text file with a name of, say, oid.sch.
-------------------------------------------------------------------
-- Novell eDirectory OID Change Script
-- Changes the OID from a temporary OID to a permanent one.
-- The first number in the OID must be the numeral 0,1, or 2.
-------------------------------------------------------------------

UpdateOID {} DEFINITIONS ::=
BEGIN

"NewAuxClass2" OBJECT-CLASS ::=
{
Operation MODIFY,
ASN1ObjID {2 1 5 5 5}
}

END

Change the NewAuxClass2 name to whatever your class is called. Regarding the OID (ASN1ObjID) number being assigned: It needs to be a unique OID in your tree as well as unique from already registered OIDs.
The OID used in the example is only an example. The best long term solution is to get a registered OID from IANA (Internet Assigned Numbers Authority). Keep in mind the first number needs to be a 0, 1 or 2.

2. Copy the modified file to sys:system\schema.

3. Load NWCONFIG - Extend Schema - and specify the path AND file ( sys:\system\schema\oid.sch ).

4. Now the OID has changed. You need to modify your LDIF file to reflect the new OID then run the ldapmodify again.

You should now see that the optionals list has been updated. You can now remove the attribute from your tree altogether.

Whenever creating an object class ensure it has been assigned an OID. This is very important as LDAP uses the OID instead of the actual object class name during some operations.

Additional Information

The benefit of using Auxiliary Classes is that once an attribute is no longer needed the attribute can be removed from the Aux Class and deleted. Unfortuntately, the management utilities will not allow this. Therefore it will have to be done via ldap.

Formerly known as TID# 10100281
Formerly known as TID# NOVL104960

Change Log

2011-11-23 AB: Fixed a typo where the ldapsearch/ldapmodify commands had 'iw' instead of '-w' to specify the next parameter would be a password.  Also fixed a few instances of formatting against the KCS standard.