Question

What would be the easiest way to add a new field to the list of potential fields in an existing LDAP schema?

How would this affect existing records?

The field would be added at the deepest level of the DN (each user account).


Solution

Typically you can extend the schema of the LDAP server. Specific details depend on the underlying service providing the LDAP. (Active Directory is slightly different from eDirectory, which in turn is slightly different from OpenLDAP or SunOne.)

However, common to all those possible LDAP servers is the concept of an Auxiliary Class.

The base schema that comes with the server usually has Structural classes, which are the ones you can really use for objects. Another kind is Abstract classes, which are really just placeholders, so that you can have other classes (say, a Structural class) inherit from them. Perhaps two Structural classes might inherit from the same Abstract class, thus making definitions easier and cleaner.

Finally, we come to Auxiliary classes, which are probably the most useful. These classes cannot stand on their own, but you can add the class name to the object class (objectClass) attribute list, and then the additional attributes defined in the Auxiliary class can be used.

This is the safest, least painful way to extend an LDAP Schema. It does not touch Base schema, nor any of the standard shipping classes. Rather, you have a completely standalone class that you can add to any object you would like, and it is easy to modify.
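As an added example, not part of the answer above, this is what the Auxiliary-class approach looks like on OpenLDAP with the dynamic `cn=config` backend. Everything specific in it is an assumption chosen for illustration: the OID arc `1.3.6.1.4.1.99999` is a placeholder (use an arc registered to your organisation, never a made-up one, because OID collisions corrupt schema merges later), and the class name, attribute name, user DN and badge value are invented. The first record is loaded once with `ldapadd -Y EXTERNAL -H ldapi:/// -f schema.ldif` on the server; the second is applied to a single user with `ldapmodify -x -D cn=admin,dc=example,dc=com -W -f user.ldif`.

```ldif
# --- schema.ldif: define the new attribute and a standalone AUXILIARY class ---
# Loaded into cn=config; touches no shipped schema file. The OID arc below is
# a placeholder, not a registered arc.
dn: cn=exampleaux,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: exampleaux
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleBadgeNumber'
  DESC 'Building access badge number (illustrative attribute)'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64}
  SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleAuxPerson'
  DESC 'Auxiliary class carrying site-specific user attributes'
  SUP top AUXILIARY
  MAY ( exampleBadgeNumber ) )

# --- user.ldif: opt one existing entry in to the new class, then set the value ---
# Existing entries are untouched until they receive the class. Adding
# exampleBadgeNumber to an entry that lacks exampleAuxPerson is rejected
# with objectClassViolation (result code 65), which is the safety property
# the answer relies on.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: exampleAuxPerson
-
add: exampleBadgeNumber
exampleBadgeNumber: 004217
-
```

Two practical checks go with this. First, the new attribute gets only whatever access the directory's existing rules already grant, so if it carries anything sensitive an explicit access rule for it (an `olcAccess` clause on OpenLDAP) should be written before any value is stored. Second, because the class is Auxiliary, removing it from an entry later means removing its attribute values first; the class and its attributes come and go together, which is what keeps the base schema and the standard classes out of the change.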

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow