<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Martin, </div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Thanks! </div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Let me double check. </div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Yes I was referring to the exact same pdf. </div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">Regards.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif">--Prashant</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 March 2015 at 16:49, Martin Kosek <span dir="ltr"><<a href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 03/23/2015 10:19 AM, Prashant Bapat wrote:<br> > Hi,<br> ><br> > I'm trying to add a custom attribute to user object. Below is the ldif i'm<br> > using.<br> ><br> > dn: cn=schema<br> > changetype: modify<br> > add: attributeTypes<br> > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'<br> > DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch<br> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )<br> > -<br> > add: objectclasses<br> > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP<br> > top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )<br> ><br> > This gets added successfully using the ldapmodify command as directory<br> > manager. But both the UI and the ipa config-mod commands refuse to add the<br> > new attribute to ipaUserObjectClasses with error objectclass not found.<br> ><br> > What I'm I doing wrong ?<br> <br> </div></div>Not sure yet, the schema above looks OK (except some typos). I tried it on my<br> VM, and it just worked:<br> <br> # ldapmodify -D "cn=Directory Manager" -x -w Secret123<br> ...<br> modifying entry "cn=schema"<br> <br> # ipa config-mod<br> --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}<br> ...<br> Default user objectclasses: ipaobject, person, top, ipasshuser,<br> inetorgperson, organizationalperson,<br> krbticketpolicyaux, krbprincipalaux,<br> ApigeeUserAttr, inetuser,<br> posixaccount<br> <br> <br> # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar<br> -------------------<br> Added user "apigee"<br> -------------------<br> User login: apigee<br> First name: Foo<br> Last name: Bar<br> Full name: Foo Bar<br> Display name: Foo Bar<br> Initials: FB<br> Home directory: /home/apigee<br> GECOS: Foo Bar<br> Login shell: /bin/sh<br> Kerberos principal: apigee@F21<br> Email address: apigee@f21.test<br> UID: 1889400080<br> GID: 1889400080<br> Password: False<br> Member of groups: ipausers<br> Kerberos keys available: False<br> <br> <br> # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid<br> ipaSshSigTimestamp<br> SASL/GSSAPI authentication started<br> SASL username: admin@F21<br> SASL SSF: 56<br> SASL data security layer installed.<br> # extended LDIF<br> #<br> # LDAPv3<br> # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree<br> # filter: (objectclass=*)<br> # requesting: uid ipaSshSigTimestamp<br> #<br> <br> # apigee, users, accounts, f21<br> dn: uid=apigee,cn=users,cn=accounts,dc=f21<br> uid: apigee<br> ipaSshSigTimestamp: barbar<br> <br> # search result<br> search: 4<br> result: 0 Success<br> <br> # numResponses: 2<br> # numEntries: 1<br> <br> <br> <br> BTW, did you read one of the very relevant upstream guides how to add custom<br> attributes to LDAP? It pretty much covers the procedure you are working on:<br> <br> <a href="http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf" target="_blank">http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf</a><br> <span class="HOEnZb"><font color="#888888"><br> Martin<br> </font></span></blockquote></div><br></div>