Removal of opsi4ucs schema

SirTux · March 5, 2021, 3:49pm

Hi,

I’m trying to get rid of the old opsi4ucs schema following this article:

schlapschema still complains althought I can’f find any references in the LDAP und and in the backup LDIF anymore:

60424e13 UNKNOWN attributeDescription "OPSIDEPOTREMOTEURL" inserted.
60424e13 UNKNOWN attributeDescription "OPSIDEPOTLOCALURL" inserted.
60424e13 UNKNOWN attributeDescription "OPSIHOSTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIISMASTERDEPOT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIHOSTKEY" inserted.
60424e13 UNKNOWN attributeDescription "OPSINETWORKADDRESS" inserted.
60424e13 UNKNOWN attributeDescription "OPSIREPOSITORYLOCALURL" inserted.
60424e13 UNKNOWN attributeDescription "OPSIMAXIMUMBANDWIDTH" inserted.
60424e13 UNKNOWN attributeDescription "OPSIREPOSITORYREMOTEURL" inserted.
60424e13 UNKNOWN attributeDescription "OPSIDEPOTWEBDAVURL" inserted.
60424e13 UNKNOWN attributeDescription "OPSINOTES" inserted.
60424e13 UNKNOWN attributeDescription "OPSIDEFAULTVALUE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIEDITABLE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPOSSIBLEVALUE" inserted.
60424e13 UNKNOWN attributeDescription "OPSICONFIGID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIMULTIVALUE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIDESCRIPTION" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPACKAGEVERSION" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTTYPE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIDEPOTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTVERSION" inserted.
60424e13 UNKNOWN attributeDescription "OPSILOCKED" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTNAME" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTCHANGELOG" inserted.
60424e13 UNKNOWN attributeDescription "OPSIUNINSTALLSCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTLICENSEREQUIRED" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTADVICE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIUPDATESCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIONCESCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIUSERLOGINSCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTPRIORITY" inserted.
60424e13 UNKNOWN attributeDescription "OPSIALWAYSSCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSICUSTOMSCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSISETUPSCRIPT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPROPERTYID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTPROPERTYVALUE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIOBJECTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSICLIENTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIACTIONRESULT" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTACTIONPROGRESS" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTACTIONREQUEST" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTINSTALLATIONSTATUS" inserted.
60424e13 UNKNOWN attributeDescription "OPSIMODIFICATIONTIME" inserted.
60424e13 UNKNOWN attributeDescription "OPSITARGETCONFIGURATION" inserted.
60424e13 UNKNOWN attributeDescription "OPSILASTACTION" inserted.
60424e13 UNKNOWN attributeDescription "OPSIVALUE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPXECONFIGTEMPLATE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIGROUPID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIMEMBEROBJECTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIREQUIREDPRODUCTID" inserted.
60424e13 UNKNOWN attributeDescription "OPSIINSTALLATIONSTATUSREQUIRED" inserted.
60424e13 UNKNOWN attributeDescription "OPSIREQUIREMENTTYPE" inserted.
60424e13 UNKNOWN attributeDescription "OPSIPRODUCTACTION" inserted.

What should I do?

Best,
Stefan

SirTux · March 5, 2021, 4:12pm

By the way, if a ignore this messages and start slapd everything seems to be functional

pmhahn · March 5, 2021, 4:24pm

The schema is still used internally by OpenLDAP, which does not support schema removal.
You have to do a manual slapcat / slapadd cycle to get completely rid of the schema.
See Problem: After a ldap schema was removed, there are still some references in your ldap

SirTux · March 5, 2021, 4:27pm

Does this have any impact to the LDAP replication to the other DCs? Would it also be possible to register the schema as LDAP object?

EDIT: Like it was implemented in UCS 4.4-3 errata 476

pmhahn · March 6, 2021, 9:56am

Does this have any impact to the LDAP replication to the other DCs?

Yes, you have to to the dump-resore cycle on all DCs, starting on Master/Primary and then all others downstream.
(OpenLDAP builds an internal mapping for all OIDs when using LMDB, which is append-only. Even when you remove the .schema file the internal mapping remains as OpenLDAP must prevent any other OID mapping to a previously used internal ID. The only way to remove any such mapping is by completely removing the old LMDB files and building them from scratch.)

Would it also be possible to register the schema as LDAP object?

Yes, we just recently did this for UVMM erratum 906. See Packaging LDAP Schema Extensions and udm settings/ldapschema

SirTux · March 6, 2021, 10:39am

Ok then I prefer this way. The most important thing is that I can remove the package:

. /usr/share/univention-lib/ldap.sh
ucs_registerLDAPExtension --schema opsi.schema --packagename opsi4ucs-ldap-schema --packageversion 4.0.1.8-1

I assume I can do the same for univention-legacy-kolab-schema?

. /usr/share/univention-lib/ldap.sh
ucs_registerLDAPExtension --schema /usr/share/univention-ldap/schema/legacy/kolab2.schema
 --packagename univention-legacy-kolab-schema --packageversion 2.0.1-1.21.201111081525
ucs_registerLDAPExtension --schema /usr/share/univention-ldap/schema/legacy/univention-kolab2.schema
 --packagename univention-legacy-kolab-schema --packageversion 2.0.1-1.21.201111081525
ucs_registerLDAPExtension --schema /usr/share/univention-ldap/schema/legacy/kolab-legacy.schema
 --packagename univention-legacy-kolab-schema --packageversion 2.0.1-1.21.201111081525
ucs_registerLDAPExtension --schema /usr/share/univention-ldap/schema/legacy/rfc2739.schema
 --packagename univention-legacy-kolab-schema --packageversion 2.0.1-1.21.201111081525

SirTux · March 6, 2021, 12:08pm

That actually worked but I’ve got an schema error:

60436c10 /var/lib/univention-ldap/local-schema/kolab-legacy.schema: line 39 objectclass: AttributeType not found: "kolabHomeServer"
slapindex: bad configuration file!
[....] Starting slapd (via systemctl): slapd.serviceJob for slapd.service failed because the control process exited with error code.

SirTux · March 6, 2021, 1:05pm

I assume I have to call ucr commit /etc/ldap/slapd.conf after removing the package?