VladC

Reputation: 1

Add Attributes and objectClasses to OpenLDAP server over LDAP using .ldif file

As the title is worded:

I am looking for a way to run an ldapmodify / ldapadd command from bash that reads an .ldif file and modifies the schema of the server.

I have managed to create the following:

test.ldif

dn: OU=Inter Domain,DC=vlad,DC=lan
ou: Inter Domain
objectClass: top
objectClass: organizationalUnit

Bash command:

ldapadd -x -D "cn=admin,dc=vlad,dc=lan" -w admin -H ldap:// -f ldap/test.ldif

The above is just an example of the files and command I am running. I want to be able, for example, to add a new objectClass myCustomObjectClass that has various attributes customAttribute1-15.

Is there a way to do this programmatically, rather than using some application like Apache Directory Studio?

I tried to add new attributes and objectClasses programmatically to an OpenLDAP server but I did not find a way.

UPDATE 1:

I managed to add the following to the file:

# cn=schema,cn=config is the built-in system schema entry; the OID below is a placeholder.
# Every attribute named in MAY must already exist as an olcAttributeTypes definition,
# otherwise slapd rejects the objectClass.
dn: cn=schema,cn=config
changetype: modify
add: olcObjectClasses
olcObjectClasses: ( 1.2.3.4.5.6.7.8.9.0 NAME 'myCustomObjectClass'
  DESC 'My Custom Object Class'
  AUXILIARY
  MAY ( customAttribute1 $ customAttribute2 $ customAttribute3 $
        customAttribute4 $ customAttribute5 $ customAttribute6 $
        customAttribute7 $ customAttribute8 $ customAttribute9 $
        customAttribute10 $ customAttribute11 $ customAttribute12 $
        customAttribute13 $ customAttribute14 $ customAttribute15 ) )

In theory it should work, but when I try to modify cn=schema,cn=config it throws the following: Insufficient access (50). I understand that this might happen because, even though I am using an admin account, the schema is managed by root.

This is the slapcat -n0 output:

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: 3e49b716-55fd-103e-8582-a14a85261557
creatorsName: cn=config
createTimestamp: 20240202095739Z
olcRootPW:: e1NTSEF9d3J4NGVYaUFvaGRmc2dDOXlqT0V0cEFmSWhZYklxWXo=
entryCSN: 20240202095739.321947Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=vlad,dc=lan
olcLastMod: TRUE
olcRootDN: cn=admin,dc=vlad,dc=lan
olcRootPW:: -----
olcDbCheckpoint: 512 30
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: 3e49fae6-55fd-103e-8589-a14a85261557
creatorsName: cn=admin,cn=config
createTimestamp: 20240202095739Z
olcDbIndex: uid eq
olcDbIndex: mail eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn
 =admin,dc=vlad,dc=lan" write by anonymous auth by * none
olcAccess: {2}to * by self read by dn="cn=admin,dc=vlad,dc=lan" wri
 te by dn="cn=user-ro,dc=vlad,dc=lan" read by * none
entryCSN: 20240202095739.438344Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20240202095739Z

Which user should I use, or how should I use the users, to be able to call said command?

Upvotes: 0

Views: 621

Answers (1)

jwilleke

Reputation: 11026

You would need to use ldapmodify for the schema.

And be careful as this may be hard to reverse.

And I am not a regular user of OpenLDAP. You need an LDIF something like:

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses:  ( ibsobiapp-oid NAME 'ibsOBIApp' AUXILIARY MAY ( ibsOBILogLevel $ ibsOBIRoleMember ) X-NDS_NOT_CONTAINER '1' )

Where ibsobiapp-oid is an Object Identifier (OID).

There are some other examples.

Upvotes: 0
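As an added example that is not part of the question or of jwilleke's answer, the script below ties the two posts together for OpenLDAP's cn=config backend. The answer's `cn=schema` / `objectClasses` LDIF is the generic LDAP shape; slapd's cn=config wants `olcAttributeTypes` / `olcObjectClasses` under `cn=schema,cn=config`. The script generates that LDIF, defining the attribute types before the objectClass that lists them, and applies it with an identity the posted olcAccess rules on `olcDatabase={0}config` actually grant `manage`: the local root over `ldapi:///` (SASL EXTERNAL), or a simple bind as `cn=admin,cn=config`, the config database's olcRootDN. `cn=admin,dc=vlad,dc=lan` is rootdn only of the `{1}mdb` database, which is why it gets Insufficient access (50) on `cn=schema,cn=config`. The OID arc `1.3.6.1.4.1.99999.1`, the schema entry name `custom`, the env-var knobs and the file name `add-schema.sh` are my placeholders; substitute an arc under your own IANA private enterprise number.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Builds an OpenLDAP cn=config schema entry (attribute types first, then an
# AUXILIARY objectClass that MAYs them) and applies it with an identity that
# the posted olcAccess {0} rule / olcRootDN on olcDatabase={0}config accept.
#
# Placeholders (assumptions, not values from the page):
#   OID_BASE   1.3.6.1.4.1.99999.1 is NOT a real allocation; use an arc under
#              your own IANA private enterprise number.
#   SCHEMA_NAME, CLASS_NAME, ATTR_PREFIX, ATTR_COUNT, BIND_MODE, LDAP_URI
#              env knobs whose defaults follow the question's naming.
set -eu

OID_BASE="${OID_BASE:-1.3.6.1.4.1.99999.1}"
SCHEMA_NAME="${SCHEMA_NAME:-custom}"
CLASS_NAME="${CLASS_NAME:-myCustomObjectClass}"
ATTR_PREFIX="${ATTR_PREFIX:-customAttribute}"

# gen_schema_ldif N -> LDIF for cn=$SCHEMA_NAME,cn=schema,cn=config on stdout.
# Attribute types are emitted before the objectClass because slapd rejects an
# objectClass whose MAY/MUST names an attribute type it does not know yet.
# LDIF continuation lines start with one space; the second space is content.
gen_schema_ldif() {
    n="$1"
    printf 'dn: cn=%s,cn=schema,cn=config\n' "$SCHEMA_NAME"
    printf 'objectClass: olcSchemaConfig\n'
    printf 'cn: %s\n' "$SCHEMA_NAME"
    i=1
    while [ "$i" -le "$n" ]; do
        # DirectoryString syntax (1.3.6.1.4.1.1466.115.121.1.15), single-valued
        printf "olcAttributeTypes: ( %s.1.%s NAME '%s%s'\n" "$OID_BASE" "$i" "$ATTR_PREFIX" "$i"
        printf "  DESC 'custom attribute %s'\n" "$i"
        printf "  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch\n"
        printf "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )\n"
        i=$((i + 1))
    done
    printf "olcObjectClasses: ( %s.2.1 NAME '%s'\n" "$OID_BASE" "$CLASS_NAME"
    printf "  DESC 'custom auxiliary class'\n"
    printf "  AUXILIARY\n"
    printf "  MAY ("
    i=1
    while [ "$i" -le "$n" ]; do
        printf ' %s%s' "$ATTR_PREFIX" "$i"
        if [ "$i" -lt "$n" ]; then printf ' $'; fi
        i=$((i + 1))
    done
    printf ' ) )\n'
}

# apply_schema N [external|rootdn]
#   external: local root over ldapi:/// via SASL EXTERNAL, i.e. the identity
#             gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth that the
#             posted olcAccess {0} rule grants "manage".
#   rootdn:   simple bind as cn=admin,cn=config, the olcRootDN of {0}config; a
#             database's rootdn bypasses that database's ACLs. The question's
#             cn=admin,dc=vlad,dc=lan is rootdn of {1}mdb only.
apply_schema() {
    n="$1"; mode="${2:-external}"
    tmp=$(mktemp)
    gen_schema_ldif "$n" > "$tmp"
    case "$mode" in
        external) ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f "$tmp" ;;
        rootdn)   ldapmodify -x -H "${LDAP_URI:-ldap://localhost}" \
                      -D cn=admin,cn=config -W -f "$tmp" ;;
        *)        rm -f "$tmp"; echo "unknown bind mode: $mode" >&2; return 2 ;;
    esac
    rm -f "$tmp"
}

# verify_schema: slapd stores the entry as cn={N}$SCHEMA_NAME, so match a suffix.
# ldif-wrap=no keeps each schema value on one line so the grep is reliable.
verify_schema() {
    ldapsearch -Q -LLL -o ldif-wrap=no -Y EXTERNAL -H ldapi:/// \
        -b cn=schema,cn=config "(cn=*$SCHEMA_NAME)" olcObjectClasses \
        | grep -F "NAME '$CLASS_NAME'"
}

# Dry run by default (prints the LDIF); APPLY_SCHEMA=1 applies and verifies it.
if [ "${APPLY_SCHEMA:-0}" = 1 ]; then
    apply_schema "${ATTR_COUNT:-15}" "${BIND_MODE:-external}"
    verify_schema
else
    gen_schema_ldif "${ATTR_COUNT:-15}"
fi
```

Run it once without arguments to inspect the LDIF, then `APPLY_SCHEMA=1 sudo sh add-schema.sh` on the slapd host (or `BIND_MODE=rootdn` from elsewhere, which prompts for the cn=admin,cn=config password). Deleting a schema entry from cn=config over LDAP is generally not supported, which is the "hard to reverse" point in the answer, so try this on a throwaway instance first. A third option not used here is adding an olcAccess rule on `olcDatabase={0}config` that grants `cn=admin,dc=vlad,dc=lan` write access; that works but hands the data-tree admin full control of the server configuration, which the posted ACLs deliberately avoid.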
