Henrik Johansson via FreeIPA-users wrote:
> Hi,
> 
> I am going to migrate an existing environment to FreeIPA 4.5. The
> current LDAP has a few site-specific attributes and I have been trying
> to figure out how I add these in an easy way that also keeps them when
> upgrading etc.
> 
> I was thinking that making them optional would allow us to add them
> without expanding the IPA web-interface. But which is the best way to
> place the additional LDIF file for extending the schema, I have read
> different locations and some documentation points to using ldapmodify
> directly and most of the stuff I find regarding this is from 2014 or
> earlier so I’m unsure if it’s still relevant.
> 
> I would like to add something like this to all users:
> 
> dn: cn=schema
> changetype: modify
> add: attributetypes
> attributeTypes: ( OurUserType-oid NAME 'OurUserType' DESC 'Specifies account type: user / sys' SYNTAX IA5String SINGLE-VALUE )
> attributeTypes: ( OurSysOwner-oid NAME 'OurSysOwner' DESC 'Owner of Sys account / Roles' SYNTAX IA5String SINGLE-VALUE )
> -
> add: objectclasses
> objectclasses: ( ourUserSpec-oid NAME 'ourUserSpec' SUP top AUXILIARY DESC 'Holds user-specific attr' MAY ( ourUserType $ OurSysOwner ) )
> 
> Should this be located under
> /usr/share/ipa/updates, /usr/share/ipa/schema.d or should it be added in
> some other place?
> 
> I want to be able to set the attributes while creating users, user-add …
> --setattr ourUserType="usertype1" ….
>

You don't need to drop the file anywhere. 389-ds supports online schema
updates so if you add this schema binding as Directory Manager then it
will add the new schema and replicate it to all other (and future) masters.

rob
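
The online update described in the reply above, as an added example that is not part of the original thread: it writes the LDIF from the question with each schema value on one line, applies it as Directory Manager, and reads the definitions back from `cn=schema`. Assumptions: the host in `LDAP_URI` is a placeholder, StartTLS is available on the server, the subschema entry is readable without a bind, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; LDAP_URI is a placeholder, not a value from the thread.
LDAP_URI="${LDAP_URI:-ldap://ipa.example.test}"

# Emit the LDIF from the question. Each schema value stays on one physical
# line, because an LDIF continuation line must begin with a single space.
build_schema_ldif() {
cat <<'EOF'
dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( OurUserType-oid NAME 'OurUserType' DESC 'Specifies account type: user / sys' SYNTAX IA5String SINGLE-VALUE )
attributeTypes: ( OurSysOwner-oid NAME 'OurSysOwner' DESC 'Owner of Sys account / Roles' SYNTAX IA5String SINGLE-VALUE )
-
add: objectclasses
objectclasses: ( ourUserSpec-oid NAME 'ourUserSpec' SUP top AUXILIARY DESC 'Holds user-specific attr' MAY ( ourUserType $ OurSysOwner ) )
EOF
}

# Succeeds only if every stdin line is "key: value" or the "-" separator,
# which catches values that a mail client or editor has wrapped.
ldif_is_unfolded() {
    ! grep -Evq '^([A-Za-z]+: .*|-)$'
}

# Apply the schema change online as Directory Manager.
apply_schema() {
    ldif="$(mktemp)" || return 1
    build_schema_ldif > "$ldif"
    ldif_is_unfolded < "$ldif" || { echo "wrapped LDIF line" >&2; rm -f "$ldif"; return 1; }
    # -ZZ requires StartTLS so the privileged bind is not sent in clear text;
    # -W prompts for the password, keeping it out of argv and shell history.
    ldapmodify -x -ZZ -H "$LDAP_URI" -D "cn=Directory Manager" -W -f "$ldif"
    rc=$?
    rm -f "$ldif"
    return "$rc"
}

# Read the new definitions back; point LDAP_URI at each master in turn
# to confirm the schema has replicated.
verify_schema() {
    ldapsearch -x -ZZ -H "$LDAP_URI" -o ldif-wrap=no -LLL -b cn=schema -s base \
        attributeTypes objectClasses |
        grep -Ei "NAME '(OurUserType|OurSysOwner|ourUserSpec)'"
}

# Run as: sh schema.sh apply
if [ "${1:-}" = "apply" ]; then apply_schema && verify_schema; fi
```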