[Freeipa-users] Adding a custom attribute to user object

Prashant Bapat prashant at apigee.com
Mon Mar 23 16:22:46 UTC 2015


Hi Rob,

Yes I did restart it.

OK, another problem: I'm not able to add this attr to existing users, only
the new ones. Any pointers?

Thanks.
--Prashant

On 23 March 2015 at 21:19, Rob Crittenden <rcritten at redhat.com> wrote:

> Prashant Bapat wrote:
> > OK, the command you gave me worked. But I was following the PDF and the
> > command below never worked.
> >
> > ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
> >
> > Is that expected?
>
> Did you restart httpd after adding the schema? A cached copy is used and
> restarting will cause it to re-read the schema.
>
> rob
>
> >
> > Thanks.
> > --Prashant
> >
> >
> > On 23 March 2015 at 17:37, Prashant Bapat <prashant at apigee.com> wrote:
> >
> >     Martin,
> >
> >     Thanks!
> >
> >     Let me double check.
> >
> >     Yes I was referring to the exact same pdf.
> >
> >     Regards.
> >     --Prashant
> >
> >     On 23 March 2015 at 16:49, Martin Kosek <mkosek at redhat.com> wrote:
> >
> >         On 03/23/2015 10:19 AM, Prashant Bapat wrote:
> >         > Hi,
> >         >
> >         > I'm trying to add a custom attribute to user object. Below is the
> >         > LDIF I'm using.
> >         >
> >         > dn: cn=schema
> >         > changetype: modify
> >         > add: attributeTypes
> >         > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp' DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
> >         > -
> >         > add: objectclasses
> >         > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
> >         >
> >         > This gets added successfully using the ldapmodify command as directory
> >         > manager. But both the UI and the ipa config-mod commands refuse to add the
> >         > new attribute to ipaUserObjectClasses with error objectclass not found.
> >         >
> >         > What am I doing wrong?
> >
> >         Not sure yet, the schema above looks OK (except some typos). I tried it
> >         on my VM, and it just worked:
> >
> >         # ldapmodify -D "cn=Directory Manager" -x -w Secret123
> >         ...
> >         modifying entry "cn=schema"
> >
> >         # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
> >         ...
> >           Default user objectclasses: ipaobject, person, top, ipasshuser, inetorgperson, organizationalperson,
> >                                       krbticketpolicyaux, krbprincipalaux, ApigeeUserAttr, inetuser,
> >                                       posixaccount
> >
> >
> >         # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
> >         -------------------
> >         Added user "apigee"
> >         -------------------
> >           User login: apigee
> >           First name: Foo
> >           Last name: Bar
> >           Full name: Foo Bar
> >           Display name: Foo Bar
> >           Initials: FB
> >           Home directory: /home/apigee
> >           GECOS: Foo Bar
> >           Login shell: /bin/sh
> >           Kerberos principal: apigee@F21
> >           Email address: apigee@f21.test
> >           UID: 1889400080
> >           GID: 1889400080
> >           Password: False
> >           Member of groups: ipausers
> >           Kerberos keys available: False
> >
> >
> >         # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
> >         SASL/GSSAPI authentication started
> >         SASL username: admin@F21
> >         SASL SSF: 56
> >         SASL data security layer installed.
> >         # extended LDIF
> >         #
> >         # LDAPv3
> >         # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
> >         # filter: (objectclass=*)
> >         # requesting: uid ipaSshSigTimestamp
> >         #
> >
> >         # apigee, users, accounts, f21
> >         dn: uid=apigee,cn=users,cn=accounts,dc=f21
> >         uid: apigee
> >         ipaSshSigTimestamp: barbar
> >
> >         # search result
> >         search: 4
> >         result: 0 Success
> >
> >         # numResponses: 2
> >         # numEntries: 1
> >
> >
> >
> >         BTW, did you read one of the very relevant upstream guides on how to add custom
> >         attributes to LDAP? It pretty much covers the procedure you are working on:
> >
> >         http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> >
> >         Martin
> >
> >
> >
> >
> >
>
>
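
Added example, not part of the original thread or of FreeIPA: the default user objectclass list is applied when a user entry is created, so entries created earlier do not carry the auxiliary class `ApigeeUserAttr`, and LDAP schema checking rejects `ipaSshSigTimestamp` on them until it is added. The sketch below reads `ldapsearch` output and emits `ldapmodify` input for the entries that lack the class; the function name, the sample entries and the `dc=example,dc=test` suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build ldapmodify input that adds an auxiliary objectclass
# to every existing entry that does not carry it yet.
# Real use (suffix and bind options are site-specific placeholders):
#   ldapsearch -LLL -Y GSSAPI -b 'cn=users,cn=accounts,<suffix>' '(uid=*)' objectClass |
#     missing_objectclass_ldif ApigeeUserAttr > add-class.ldif
# Review add-class.ldif, then feed it to ldapmodify.

missing_objectclass_ldif() {   # $1 = objectclass name; LDIF entries on stdin
    awk -v oc="$1" '
        function flush() {     # end of entry: emit a modify record if class is absent
            if (dn != "" && !has)
                printf "%s\nchangetype: modify\nadd: objectClass\nobjectClass: %s\n\n", dn, oc
            dn = ""; has = 0
        }
        function handle(line,   low) {
            if (line ~ /^#/) return                 # ldapsearch comment
            if (line == "") { flush(); return }     # blank line separates entries
            low = tolower(line)                     # names are case-insensitive
            if (low ~ /^dn::? /) dn = line          # keep dn: or base64 dn:: verbatim
            else if (low ~ /^objectclass: / && substr(low, 14) == tolower(oc)) has = 1
        }
        { sub(/\r$/, "") }
        /^ / { buf = buf substr($0, 2); next }      # unfold LDIF continuation lines
        { if (NR > 1) handle(buf); buf = $0 }
        END { if (NR > 0) handle(buf); flush() }
    '
}

sample_users() {   # constructed sample entries, not taken from the thread
cat <<'EOF'
# constructed ldapsearch output
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
objectClass: top
objectClass: posixaccount

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
objectClass: top
objectClass: apigeeuserattr

dn: uid=carol,cn=users,cn=accounts,dc=exa
 mple,dc=test
objectClass: top
EOF
}

sample_users | missing_objectclass_ldif ApigeeUserAttr
```

For a single account the same change can be made with `ipa user-mod <login> --addattr=objectclass=ApigeeUserAttr`, after which `--setattr ipaSshSigTimestamp=...` is accepted on that entry.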