[Freeipa-users] Adding a custom attribute to user object

Prashant Bapat prashant at apigee.com
Mon Mar 23 12:07:39 UTC 2015


Martin,

Thanks!

Let me double check.

Yes, I was referring to the exact same PDF.

Regards.
--Prashant

On 23 March 2015 at 16:49, Martin Kosek <mkosek at redhat.com> wrote:

> On 03/23/2015 10:19 AM, Prashant Bapat wrote:
> > Hi,
> >
> > I'm trying to add a custom attribute to user object. Below is the ldif I'm
> > using.
> >
> > dn: cn=schema
> > changetype: modify
> > add: attributeTypes
> > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
> >   DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch
> >   SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
> > -
> > add: objectclasses
> > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP
> >   top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
> >
> > This gets added successfully using the ldapmodify command as directory
> > manager. But both the UI and the ipa config-mod commands refuse to add the
> > new attribute to ipaUserObjectClasses with error objectclass not found.
> >
> > What am I doing wrong?
>
> Not sure yet, the schema above looks OK (except some typos). I tried it on my
> VM, and it just worked:
>
> # ldapmodify -D "cn=Directory Manager" -x -w Secret123
> ...
> modifying entry "cn=schema"
>
> # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
> ...
>   Default user objectclasses: ipaobject, person, top, ipasshuser, inetorgperson, organizationalperson,
>                               krbticketpolicyaux, krbprincipalaux, ApigeeUserAttr, inetuser,
>                               posixaccount
>
>
> # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
> -------------------
> Added user "apigee"
> -------------------
>   User login: apigee
>   First name: Foo
>   Last name: Bar
>   Full name: Foo Bar
>   Display name: Foo Bar
>   Initials: FB
>   Home directory: /home/apigee
>   GECOS: Foo Bar
>   Login shell: /bin/sh
>   Kerberos principal: apigee at F21
>   Email address: apigee at f21.test
>   UID: 1889400080
>   GID: 1889400080
>   Password: False
>   Member of groups: ipausers
>   Kerberos keys available: False
>
>
> # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
> SASL/GSSAPI authentication started
> SASL username: admin at F21
> SASL SSF: 56
> SASL data security layer installed.
> # extended LDIF
> #
> # LDAPv3
> # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
> # filter: (objectclass=*)
> # requesting: uid ipaSshSigTimestamp
> #
>
> # apigee, users, accounts, f21
> dn: uid=apigee,cn=users,cn=accounts,dc=f21
> uid: apigee
> ipaSshSigTimestamp: barbar
>
> # search result
> search: 4
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
>
> BTW, did you read one of the very relevant upstream guides on how to add custom
> attributes to LDAP? It pretty much covers the procedure you are working on:
>
> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
> Martin
>
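
An offline sanity check for the schema LDIF discussed in this thread, added here as an example (not code from either poster or from the FreeIPA project). It unfolds the LDIF, then reports definitions left unclosed by lost line folding, objectclasses requested for ipaUserObjectClasses that the LDIF does not define, and MAY/MUST attributes the LDIF does not define. The name `lint_schema` and its checks are assumptions of this example and do not reproduce FreeIPA's own validation.

```python
import re

# Schema LDIF from the thread, re-typed with RFC 2849 folding: a continuation
# line starts with one space (the second space here is the token separator).
SCHEMA_LDIF = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
  DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP
  top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
"""

DEF = re.compile(r"^(attributetypes|objectclasses):\s*(\(\s*([\d.]+)\s+NAME\s+'([^']+)'.*)$", re.I)
MAY_MUST = re.compile(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))")

def lint_schema(ldif, wanted_classes):
    """Return a list of problems found in a schema-extension LDIF (hypothetical helper)."""
    attrs, classes, problems = set(), {}, []
    unfolded = re.sub(r"\r?\n ", "", ldif)          # undo RFC 2849 line folding
    for line in unfolded.splitlines():
        m = DEF.match(line)
        if not m:
            continue
        kind, body, _oid, name = m.groups()
        if not body.rstrip().endswith(")"):
            problems.append(f"{name}: definition not closed, folded lines lost?")
        if kind.lower() == "attributetypes":
            attrs.add(name.lower())
        else:
            bare = re.sub(r"'[^']*'", "''", body)    # ignore words inside DESC strings
            refs = [a.strip() for grp, one in MAY_MUST.findall(bare)
                    for a in (grp.split("$") if grp else [one])]
            classes[name.lower()] = refs
    for oc in wanted_classes:                        # LDAP names are case-insensitive
        if oc.lower() not in classes:
            problems.append(f"{oc}: objectclass not defined in this LDIF")
    # Attributes from the server's existing schema would also be flagged here;
    # this check only covers attributes the extension itself is meant to add.
    for oc, refs in classes.items():
        problems += [f"{oc}: attribute {a} not defined in this LDIF"
                     for a in refs if a.lower() not in attrs]
    return problems
```

Running it on a copy of the LDIF whose continuation lines have lost their leading space (as happens when mail clients rewrap it) reports both definitions as unclosed.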