OpenLDAP: how to add a date attribute in schema

Question

Can't find a solution on the internet. I tried this but it does not work. I would appreciate any help (LDAP really is a headache).

root@9ae33b5bc07e:/# ldapadd -Y EXTERNAL -H ldapi:/// -f add_attribute.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapadd: invalid format (line 4) entry: "cn=schema,cn=config"

root@9ae33b5bc07e:/# cat add_attribute.ldif
dn: cn=schema,cn=config
add: olcAttributeTypes
olcAttributeTypes: ( 1.3.6.1.4.1.5427.1.389.4.2
  NAME 'dateOfBirth'
  DESC 'Date of birth (format YYYYMMDD, only numeric chars)'
  EQUALITY numericStringMatch
  SUBSTR numericStringSubstringsMatch
  SINGLE-VALUE
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8}
)

Answer 1

There are two main issues with your LDIF document:

1. ldapadd only creates whole entries, and does not understand the "add:" or "replace:" pseudo-attributes. You need ldapmodify for altering existing entries (adding/replacing/deleting their attributes).

   (Though if the LDIF has a "changetype: add" or "changetype: modify", that overrides everything; the CLI commands are actually identical except for their implied default "changetype".)

2. Parentheses have no meaning to the LDIF syntax; they're merely part of the string value. When you wrap a long value, it's the indentation that matters – all continuation lines, including the closing paren if there's one, must be prefixed by at least a single space (which is ignored and won't become part of the value).

   So "line 4" (which IIRC is the "logical" line number after joining the continuations, not the physical line) refers to the loose ), which is missing the indentation and is therefore parsed as an invalid "attr: value" line instead of being a continuation of the previous line.

   It's very similar to continuation lines in HTTP headers or email headers.