[Freeipa-users] extending FreeIPA

[Simo Sorce]

On Wed, 2011-05-04 at 17:41 -0700, Stephen Ingram wrote:
> I currently maintain a directory with MTA configuration data in it
> (among other items). I'm wondering what is the best way to add to the
> FreeIPA schema without stepping on current and future schema additions
> that might conflict with what I add. I know at one time you were
> expecting to add information for Postfix and other common server
> programs. Was this schema ever prepared and agreed upon, or is it best
> to use some special branch to put this all under?

Ok it seem we are confusing 2 things here, on one side schema extensions
(new attributes and objectclasses) and on the other side DIT structure
(subtrees within the tree where to put your information).

If you use standard schema or schema you made yourself after you got
assigned a base OID there should be no issue at all. if you do your own
schema please be careful in trying to use a prefix for attribute and
objectclass names so that you do not risk future name conflicts).

For the DIT part it really depends on what you need to do.
If you just need to add attributes to users then you have no other
option but to attach them to the users and that's fine it shouldn't
cause any issue.

If you need to add entirely new objects I can suggest to create a
cn=custom container as a top level subtree (ie at the same level of
cn=accounts and cn=etc, ...

And within it do what you need to do. This way it will not conflict with
anything we may add in future.

> Also, although I read Adam Young's blog article about how to extend
> the WebUI, I'm having difficulty adding attributes within the existing
> structure. For example, on the user page, is there a prescribed way of
> adding say, the mailAlternateAddress attribute such that it shows as a
> field in the WebUI?

I will let Adma reply to this one.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York