
OpenDJ: Editing 'gecos' schema syntax causes 'posixAccount' to be removed and creates a duplicate OID


OpenDJ 4.4.11
RHEL 7.9

Currently, our production LDAP servers are on OpenDJ 4.4.11. We did not have a pre-prod environment, so I decided to make one for upgrade testing. While setting up the server to match production, I encountered schema issues.

I need to update the 'gecos' attributeType that comes with an OpenDJ install. We have users who need the syntax 1.3.6.1.4.1.1466.115.121.1.15 for accents, etc. I apply the following:

/opt/opendj/bin/ldapmodify --port 389 --bindDn cn=manager --bindPassword $CNMAN /opt/opendj/ldif/mod_gecos.ldif

which contains:

dn: cn=schema
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN '04-rfc2307bis.ldif' )
-
add: attributeTypes
attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'draft-howard-rfc2307bis' X-SCHEMA-FILE '99-user.ldif' )

This completes successfully, but then after several minutes OR a service restart (/opt/opendj/bin/stop-ds --restart), I get the following:

category=CONFIG severity=WARNING msgID=761 msg=The config schema file '04-rfc2307bis.ldif' generated warning when trying to update schema with its content: [Unable to register attribute type name with the server schema because its OID 2.5.4.41 conflicts with the OID of an existing attribute type name, Validation of object class definition ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( authPassword $ userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'draft-howard-rfc2307bis' X-SCHEMA-FILE '04-rfc2307bis.ldif' ) failed and will be removed from the schema: The object class "posixAccount" specifies the optional attribute type "gecos" which is not defined in the schema]

What could I be doing wrong? Prior to the gecos update, service restarts never showed the above warnings and error messages.


Solution

  • When you do the modification of the schema, you store the result in the 99-user.ldif file, which will be the last one to load.

    When loading the 04-rfc2307bis.ldif file, the "gecos" attribute is not yet defined and this invalidates the "posixAccount" definition.

    You should make sure the definition of "gecos" is stored in the same schema file.
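
The load-order problem described in the answer can be checked before a restart. The following is an added example, not part of the original post or of OpenDJ: it replays schema files in file-name order and reports object classes that use an attribute before it is defined. The two layouts are constructed from the definitions in the question (DESC and matching rules dropped), and the function names and the `OTHERS` list are assumptions.

```python
import re

POSIX = ("objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY "
         "MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) "
         "MAY ( authPassword $ userPassword $ loginShell $ gecos $ description ) )")
GECOS = ("attributeTypes: ( 1.3.6.1.1.1.1.2 NAME 'gecos' "
         "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )")
# Constructed layouts: schema file name -> definitions stored in it.
AS_IN_QUESTION = {"04-rfc2307bis.ldif": [POSIX], "99-user.ldif": [GECOS]}
SAME_FILE = {"04-rfc2307bis.ldif": [GECOS, POSIX], "99-user.ldif": []}
# Assumption: every other attribute posixAccount uses is already defined.
OTHERS = ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory",
          "authPassword", "userPassword", "loginShell", "description"]

def names(defn):
    """Return the lower-cased NAME value(s) of one schema definition."""
    defn = re.sub(r"DESC\s+'[^']*'", "", defn)  # ignore keywords inside DESC
    m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", defn)
    if not m:
        return []
    return [n.lower() for n in re.findall(r"[^'\s]+", m.group(1) or m.group(2))]

def referenced(defn):
    """Return the attribute names listed under MUST and MAY."""
    defn = re.sub(r"DESC\s+'[^']*'", "", defn)
    found = re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w.;-]+))", defn)
    return [a.strip().lower() for grp, one in found
            for a in (grp or one).split("$") if a.strip()]

def load_order_errors(files, predefined=()):
    """Replay files in file-name order; report attributes used before definition."""
    known = {a.lower() for a in predefined}
    errors = []
    for fname in sorted(files):
        kinds = [(d.split(":", 1)[0].lower(), d) for d in files[fname]]
        # Assumption: within one file, attribute types register before object classes.
        for kind, d in kinds:
            if kind == "attributetypes":
                known.update(names(d))
        for kind, d in kinds:
            if kind == "objectclasses":
                errors += [(fname, names(d)[0], a)
                           for a in referenced(d) if a not in known]
    return errors

if __name__ == "__main__":
    print(load_order_errors(AS_IN_QUESTION, OTHERS))  # posixAccount loses gecos
    print(load_order_errors(SAME_FILE, OTHERS))       # no errors
```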