tags:

views:

45

answers:

1
Q: 

How to add a new field to an open ldap schema

What would be the easiest way to add a new field to a list of potential fields on an existing ldap schema?

How would this affect existing records?

The field would be added at the deepest level of the dn (each user account).

A: 

Typically you can extend the schema of the LDAP server. Specific details depend on the underlying service providing the LDAP. (Active Directory is slightly different than eDirectory, and slightly different than in OpenLDAP or SunOne).

However, common to all those possible LDAP servers is the concept of an Axillary class.

The base schema that comes with the server usually has Structural classes which are ones you can really use for objects. Another is Abstract classes, which are really just placeholders, so that you can have other classes (Say a structural class) inherit from it. Perhaps two Structural classes might inherit from the same abstract class, thus making definitions easier and cleaner.

Finally we come to Axillary classes which are probably the most useful. These classes cannot stand on their own, but you can add the class name to the Object Class (objectClass) attribute list, and then the additional attributes defined in the Aux class can be used.

This is the safest, least painful way to extend an LDAP Schema. It does not touch Base schema, nor any of the standard shipping classes. Rather, you have a completely standalone class that you can add to any object you would like, and it is easy to modify.

geoffc  2010-08-05 02:06:28
thanks @geoffc, I think what I am interested in is adding attributes to the objectClass. I am using OpenLDAP, Is that something I do through a config file, and then all the current records have access to the new attribute? I know that you dont 'have' to use a field, LDAP just ignores it if there is no value present. But I'm not sure how it works the other way. Thx.
Jed Schneider  2010-08-05 02:16:15
objectClass is an attribute that lists the names of the class associated with this object. The object then can host all the attributes that are part of those classes.I.e. You are using objectClass slightly incorrectly here. What you probably want to do is for a SPECIFIC objectClass, want to add attributes to it. Maybe a User, a Group, a Organization, whatever.
geoffc  2010-08-05 10:15:21
@geoffc thanks, I was able to get the openldap schema updated, in part with your advice. Turns out there was already an extended schema, and I used that for a blueprint and extended it. I'm not sure that know the meaning of all the configuration I did, but it seems to work :)
Jed Schneider  2010-08-07 18:37:11

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?