On 03/15/2018 10:40 AM, Per Qvindesland via FreeIPA-users wrote:
Hi List
We are currently busy implementing FreeIPA with a SAML IdP, but we noticed that
we are missing the following attributes: edupersontargetedid,
edupersonaffiliation, displayname, and mail.
How can we add these attributes to the FreeIPA server?
Regards
Per
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Hi,
the attributes edupersontargetedid, edupersonaffiliation, displayname,
and mail are already defined in the LDAP schema, so you won't need to
add them to the schema.
The edupersontargetedid and edupersonaffiliation attributes are part of
the objectclass eduPerson.
The displayName and mail attributes are part of the objectclass
inetorgperson.
If you want to add these attributes to a user entry, the user entry
needs to contain the relevant objectclasses (by default, FreeIPA users
already contain the inetorgperson objectclass). You will need to add the
eduPerson objectclass to the default user object classes, by following
the instructions provided here: [1]
Then you will be able to add the attributes to the new users by doing:
    ipa user-mod username --addattr "edupersontargetedid=value"
You may be interested in a description of the LDAP schema, available in
the 389-ds guide [2], in order to understand what objectclasses and
attribute types are.
HTH,
Flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/adding-custom-objclasses
[2] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/extending_the_directory_schema#Overview_of_Extending_Schema
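The procedure from the reply above as a shell sketch; this is an added example, not part of the original thread and not FreeIPA's own tooling. It assumes an admin Kerberos ticket, that `ipa config-show --raw` prints the defaults as `ipauserobjectclasses: <name>` lines, and that `ipa config-mod --userobjectclasses` replaces the whole list; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `kinit admin` was run and that
# `ipa config-show --raw` prints "ipauserobjectclasses: <name>" lines
# (an assumption about the output format).

# Print the current default user objectclasses, one per line.
current_user_objectclasses() {
    ipa config-show --raw | awk '
        tolower($1) == "ipauserobjectclasses:" {
            sub(/^[^:]*:[ \t]*/, "")            # drop the attribute name
            sub(/[ \t\r]+$/, "")                # drop trailing whitespace
            n = split($0, v, /[ \t]*,[ \t]*/)   # also accept "a, b, c"
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }'
}

# Add one objectclass to the defaults. --userobjectclasses replaces the
# whole list, so every existing value is sent again with the new one.
add_default_user_objectclass() {
    new=$1
    current=$(current_user_objectclasses)
    if [ -z "$current" ]; then
        # Writing only the new value would drop the existing defaults.
        echo "cannot read current objectclasses; config left unchanged" >&2
        return 1
    fi
    # LDAP objectclass names are case-insensitive.
    if printf '%s\n' "$current" | grep -qixF -- "$new"; then
        echo "$new is already a default user objectclass"
        return 0
    fi
    set --
    for oc in $current; do
        set -- "$@" "--userobjectclasses=$oc"
    done
    ipa config-mod "$@" "--userobjectclasses=$new"
}

# The default list applies to users created afterwards; an existing entry
# needs the objectclass added to it directly (arguments are placeholders).
add_objectclass_to_user() {
    ipa user-mod "$1" --addattr "objectclass=$2"
}

# Usage: add_default_user_objectclass eduPerson
```

Check the result with `ipa config-show` before creating users, since a truncated default list affects every account created afterwards.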