Data values lost if attribute's syntax is changed and is in use on objects

  • 7016391
  • 02-Apr-2015
  • 23-Apr-2015

Environment

NetIQ eDirectory 8.8 SP8

Situation

If an object holds a value for an attribute and that attribute's syntax is changed via LDAP or ndssch the value will be lost. 
 
For example if the following sample LDIF is used to modify an existing attribute.  The syntax is being changed from Case Ignore String to Case Exact String and the delete and add are in one operation.  If any values are in use they will be lost after this operation.
 
dn: cn=schema
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )
-
add: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )
 

Resolution

This is expected behavior.  eDirectory will not check to see if an attribute is in use by any objects before allowing the syntax change.  Prior to making an attribute change it is the administrator's duty to perform this check his or herself.