Because the schema is defined by the LDAP view in cn=schema, you can view and modify the schema online using the ldapsearch and ldapmodify utilities. However, you can modify only schema elements that have the value ’user defined’ for the X-ORIGIN field. The server refuses any modification to the other definitions.
New element definitions, and changes that you make to user-defined elements, are saved in the file 99user.ldif.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Modifying schema definitions from the command line is prone to error because of the long values that you must type exactly. However, you can use this functionality in scripts that need to update your directory schema.
Use the ldapmodify(1) command to add or delete individual attributeTypes attribute values.
Use the ldapmodify(1) command to add or delete individual objectClasses attribute values.
To modify one of the values, you must delete the specific value and then add the value as a new value. This process is required because the attributes are multivalued. For details, see Modifying One Value of a Multi Valued Attribute.