Environment
NetIQ eDirectory 8.8 SP8
Situation
If an object holds a value for an attribute and that attribute's syntax is changed via LDAP or ndssch the value will be lost.
For example if the following sample LDIF is used to modify an existing attribute. The syntax is being changed from Case Ignore String to Case Exact String and the delete and add are in one operation. If any values are in use they will be lost after this operation.
dn: cn=schema
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
)
-
add: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
)
changetype: modify
delete: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
)
-
add: attributeTypes
attributeTypes: ( 1.2.38.67082340269.4.20607.1 NAME 'NetIQDisplayName' SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
)
Resolution
This is expected behavior. eDirectory will not check to see if an attribute is in use by any objects before allowing the syntax change. Prior to making an attribute change it is the administrator's duty to perform this check his or herself.