[Freeipa-users] Adding a custom attribute to user object
Prashant Bapat
prashant at apigee.com
Mon Mar 23 16:22:46 UTC 2015
Hi Rob,
Yes I did restart it.
Ok another problem. I'm not able to add this attr to existing users. Only
the new ones. Any pointers ?
Thanks.
--Prashant
On 23 March 2015 at 21:19, Rob Crittenden <rcritten at redhat.com> wrote:
> Prashant Bapat wrote:
> > Ok the command you gave me worked. But I was following the PDF and below
> > command never worked.
> >
> > ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
> >
> > Is that expected ?
>
> Did you restart httpd after adding the schema? A cached copy is used and
> restarting will cause it to re-read the schema.
>
> rob
>
> >
> > Thanks.
> > --Prashant
> >
> >
> > On 23 March 2015 at 17:37, Prashant Bapat <prashant at apigee.com
> > <mailto:prashant at apigee.com>> wrote:
> >
> > Martin,
> >
> > Thanks!
> >
> > Let me double check.
> >
> > Yes I was referring to the exact same pdf.
> >
> > Regards.
> > --Prashant
> >
> > On 23 March 2015 at 16:49, Martin Kosek <mkosek at redhat.com
> > <mailto:mkosek at redhat.com>> wrote:
> >
> > On 03/23/2015 10:19 AM, Prashant Bapat wrote:
> > > Hi,
> > >
> > > I'm trying to add a custom attribute to user object. Below is
> > the ldif i'm
> > > using.
> > >
> > > dn: cn=schema
> > > changetype: modify
> > > add: attributeTypes
> > > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME
> > 'ipaSshSigTimestamp'
> > > DESC 'SSH public key signature and timestamp' EQUALITY
> > octetStringMatch
> > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA
> > EXTENTION' )
> > > -
> > > add: objectclasses
> > > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME
> > 'ApigeeUserAttr' SUP
> > > top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY
> > ipaSshSigTimestamp )
> > >
> > > This gets added successfully using the ldapmodify command as
> > directory
> > > manager. But both the UI and the ipa config-mod commands
> > refuse to add the
> > > new attribute to ipaUserObjectClasses with error objectclass
> > not found.
> > >
> > > What I'm I doing wrong ?
> >
> > Not sure yet, the schema above looks OK (except some typos). I
> > tried it on my
> > VM, and it just worked:
> >
> > # ldapmodify -D "cn=Directory Manager" -x -w Secret123
> > ...
> > modifying entry "cn=schema"
> >
> > # ipa config-mod
> >
> --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
> > ...
> > Default user objectclasses: ipaobject, person, top, ipasshuser,
> > inetorgperson, organizationalperson,
> > krbticketpolicyaux,
> krbprincipalaux,
> > ApigeeUserAttr, inetuser,
> > posixaccount
> >
> >
> > # ipa user-add apigee --first Foo --last Bar --setattr
> > ipaSshSigTimestamp=barbar
> > -------------------
> > Added user "apigee"
> > -------------------
> > User login: apigee
> > First name: Foo
> > Last name: Bar
> > Full name: Foo Bar
> > Display name: Foo Bar
> > Initials: FB
> > Home directory: /home/apigee
> > GECOS: Foo Bar
> > Login shell: /bin/sh
> > Kerberos principal: apigee at F21
> > Email address: apigee at f21.test
> > UID: 1889400080
> > GID: 1889400080
> > Password: False
> > Member of groups: ipausers
> > Kerberos keys available: False
> >
> >
> > # ldapsearch -Y GSSAPI -b
> > 'uid=apigee,cn=users,cn=accounts,dc=f21' uid
> > ipaSshSigTimestamp
> > SASL/GSSAPI authentication started
> > SASL username: admin at F21
> > SASL SSF: 56
> > SASL data security layer installed.
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope
> subtree
> > # filter: (objectclass=*)
> > # requesting: uid ipaSshSigTimestamp
> > #
> >
> > # apigee, users, accounts, f21
> > dn: uid=apigee,cn=users,cn=accounts,dc=f21
> > uid: apigee
> > ipaSshSigTimestamp: barbar
> >
> > # search result
> > search: 4
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> >
> >
> > BTW, did you read one of the very relevant upstream guides how
> > to add custom
> > attributes to LDAP? It pretty much covers the procedure you are
> > working on:
> >
> >
> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> >
> > Martin
> >
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150323/feec5fc4/attachment.htm>
More information about the Freeipa-users
mailing list