OpenLDAP: adding a custom objectClass so entries can carry custom attributes

We recently started using OpenLDAP and needed to integrate it with our system. The attributes available in OpenLDAP's stock schemas are too few to cover normal business needs, so the entries had to be extended with custom attributes.

The idea is to define a new custom objectClass; once that objectClass has been added to an entry, the custom attributes can legally be added to the entry as well (this works with phpLDAPadmin, Apache Directory Studio and other visual tools).

However, there is relatively little material on this, and most of what I found just says to include the schema directly in slapd.conf. I tried that on the server (OpenLDAP version: 2.4.44) and it did not work, so I went to Stack Overflow and learned the method below.

Reference source: https://stackoverflow.com/questions/45511696/creating-a-new-objectclass-and-attribute-in-openldap?r=SearchResults

1: Create a new schema file anywhere on the directory server, for example test.schema.

Change the objectClass name in the file to the one you need, and make sure the OID of every item is globally unique (OIDs are supposed to follow assignment rules, but I do not know them and have always just made them up - -). Strictly speaking, custom OIDs should come from an arc your organization owns; a collision with an OID already loaded on the server is exactly what produces the duplicate-OID errors in step 5.

# test.schema: two custom attribute types plus one AUXILIARY objectClass that may carry them.
# Every OID must be globally unique. SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 is the Directory String
# (UTF-8 text) syntax, and EQUALITY caseExactMatch makes equality searches on the value case-sensitive.
attributetype ( 1.3.6.1.4.1.42.2.27.4.1.98
        NAME 'userCertNo'
        DESC 'userCertNo'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.42.2.27.4.1.97
        NAME 'userCertCN'
        DESC 'userCertCN'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# AUXILIARY means the class can be added to an existing entry next to its structural class;
# MAY lists the attributes the entry is then allowed to carry (cn is not defined here, it is a
# standard attribute slapd already knows).
objectclass ( 1.3.6.1.4.1.42.2.27.4.2.88
        NAME 'financeUser'
        DESC 'financeUser'
        SUP top
        AUXILIARY
        MAY ( cn $ userCertNo $ userCertCN ) )

2: Create a configuration file to compile with, for example test.conf. It only needs to include the schema file you created yourself (if your schema refers to attribute types or classes from one of the standard schema files, include that file before yours, otherwise slaptest cannot resolve them):

include /etc/openldap/test/test.schema

3: Put both files in the same directory (they can go anywhere, since the paths are given at compile time), then create a directory, testdir, to hold the compiled files.

Then run the slaptest command to compile the custom schema into the ldif and other files slapd generates:

slaptest -f test.conf -F testdir

4: Go into testdir/cn=config/cn=schema and you will find the generated ldif file. Rename the file and edit its cn and dn. (LDIF files are strict about whitespace and other elements; do not add extra spaces or anything else unnecessary.)

The parts highlighted in yellow in the screenshot are the class name of the objectClass you want to create.

5: After editing the file, run slapadd in that directory to add the file into the OpenLDAP database:

slapadd -l ebankUser.ldif -n 0

If it succeeds you get output like the screenshot. The most common mistake is a message that an attribute or its OID is duplicated; in that case re-edit the schema file, compile it again and repeat this step.

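As an added example (this is not code from the original post), the Python script below does the step 4 edit mechanically and adds the check that step 5 keeps tripping over: it takes a constructed copy of the ldif slaptest generates for test.schema, rewrites the dn and cn, strips the {n} ordering prefixes and the operational attributes slapd maintains itself, and separately scans a schema file for OIDs used by more than one definition. The sample ldif contents and the name 'test' are assumptions.

```python
import re

# Constructed sample of the file slaptest writes to testdir/cn=config/cn=schema/cn={0}test.ldif
# for the test.schema on this page; the header comment and operational values are made up.
GENERATED_LDIF = """# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: cn={0}test
objectClass: olcSchemaConfig
cn: {0}test
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.98 NAME 'userCertNo' DESC 'userC
 ertNo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.97 NAME 'userCertCN' DESC 'userC
 ertCN' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.88 NAME 'financeUser' DESC 'finan
 ceUser' SUP top AUXILIARY MAY ( cn $ userCertNo $ userCertCN ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20200101000000Z
"""
# Operational attributes that slapd maintains itself; they must not be loaded from the file.
OPERATIONAL = {"structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
               "entryCSN", "modifiersName", "modifyTimestamp"}

def prepare_schema_ldif(generated, name):
    """Rewrite slaptest output into an LDIF that slapadd -n 0 accepts under cn=schema,cn=config."""
    out = []
    # A line starting with a space continues the previous one, so unfold those first.
    for line in re.sub(r"\n ", "", generated).splitlines():
        attr, sep, value = line.partition(": ")
        if not sep or line.startswith("#") or attr in OPERATIONAL:
            continue
        if attr == "dn":
            value = f"cn={name},cn=schema,cn=config"  # full DN instead of the relative cn={0}test
        elif attr == "cn":
            value = name
        elif attr in ("olcAttributeTypes", "olcObjectClasses"):
            value = re.sub(r"^\{\d+\}", "", value)    # drop the {n} ordering prefix
        out.append(f"{attr}: {value}")
    return "\n".join(out) + "\n"

# Header of each attributetype/objectclass definition in a slapd.conf-style schema file.
SCHEMA_ITEM = re.compile(r"^\s*(attributetype|objectclass)\s*\(\s*([\d.]+)\s+NAME\s+'([^']+)'",
                         re.IGNORECASE | re.MULTILINE)

def find_duplicate_oids(schema_text):
    """Return {oid: [names]} for every OID that more than one definition uses."""
    seen = {}
    for _, oid, name in SCHEMA_ITEM.findall(schema_text):
        seen.setdefault(oid, []).append(name)
    return {oid: names for oid, names in seen.items() if len(names) > 1}
```

Run find_duplicate_oids over test.schema before slaptest, and write the result of prepare_schema_ldif to the file you hand to slapadd.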
6: After completing the above steps, the ldif file for the newly added objectClass appears under /etc/openldap/slapd.d/cn=config/cn=schema.

7: Fix the file permissions and restart the ldap service.

Restarting the service directly will fail; you have to grant permissions on /etc/openldap/slapd.d/cn=config/cn=schema, or simply change the owner of the file to ldap, otherwise the ldap user cannot read it. Changing the owner to ldap is the better choice: the chmod below makes the schema directory world-writable, which lets any local user alter the server's configuration.

chmod -R 777 cn=schema

Then restart the service:

service slapd restart

8: Connect with a graphical management tool such as phpLDAPadmin or Apache Directory Studio, then add an objectClass to an existing user and pick the custom class you added. After that you can manually add values for the custom attributes.

Origin www.cnblogs.com/ForsakenCoder/p/12149910.html