Thanks. I will take a look. However, will using this attr only on new users from the time it was added have any issues?
Also, will replication include this new attr?

On 23 March 2015 at 21:57, Martin Kosek <mko...@redhat.com> wrote:

> You would need to extend user-mod to add this objectclass to existing modified
> users. There is an example of such plugin in the PDF I mentioned.
>
> On 03/23/2015 05:22 PM, Prashant Bapat wrote:
> > Hi Rob,
> >
> > Yes I did restart it.
> >
> > Ok another problem. I'm not able to add this attr to existing users. Only
> > the new ones. Any pointers?
> >
> > Thanks.
> > --Prashant
> >
> > On 23 March 2015 at 21:19, Rob Crittenden <rcrit...@redhat.com> wrote:
> >
> >> Prashant Bapat wrote:
> >>> Ok the command you gave me worked. But I was following the PDF and below
> >>> command never worked.
> >>>
> >>> ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
> >>>
> >>> Is that expected?
> >>
> >> Did you restart httpd after adding the schema? A cached copy is used and
> >> restarting will cause it to re-read the schema.
> >>
> >> rob
> >>
> >>>
> >>> Thanks.
> >>> --Prashant
> >>>
> >>>
> >>> On 23 March 2015 at 17:37, Prashant Bapat <prash...@apigee.com
> >>> <mailto:prash...@apigee.com>> wrote:
> >>>
> >>> Martin,
> >>>
> >>> Thanks!
> >>>
> >>> Let me double check.
> >>>
> >>> Yes I was referring to the exact same pdf.
> >>>
> >>> Regards.
> >>> --Prashant
> >>>
> >>> On 23 March 2015 at 16:49, Martin Kosek <mko...@redhat.com
> >>> <mailto:mko...@redhat.com>> wrote:
> >>>
> >>> On 03/23/2015 10:19 AM, Prashant Bapat wrote:
> >>> > Hi,
> >>> >
> >>> > I'm trying to add a custom attribute to user object. Below is the ldif I'm
> >>> > using.
> >>> >
> >>> > dn: cn=schema
> >>> > changetype: modify
> >>> > add: attributeTypes
> >>> > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp' DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
> >>> > -
> >>> > add: objectclasses
> >>> > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
> >>> >
> >>> > This gets added successfully using the ldapmodify command as directory
> >>> > manager. But both the UI and the ipa config-mod commands refuse to add the
> >>> > new attribute to ipaUserObjectClasses with error objectclass not found.
> >>> >
> >>> > What am I doing wrong?
> >>>
> >>> Not sure yet, the schema above looks OK (except some typos). I tried it on my
> >>> VM, and it just worked:
> >>>
> >>> # ldapmodify -D "cn=Directory Manager" -x -w Secret123
> >>> ...
> >>> modifying entry "cn=schema"
> >>>
> >>> # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
> >>> ...
> >>>   Default user objectclasses: ipaobject, person, top, ipasshuser,
> >>>                               inetorgperson, organizationalperson,
> >>>                               krbticketpolicyaux, krbprincipalaux,
> >>>                               ApigeeUserAttr, inetuser,
> >>>                               posixaccount
> >>>
> >>>
> >>> # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
> >>> -------------------
> >>> Added user "apigee"
> >>> -------------------
> >>>   User login: apigee
> >>>   First name: Foo
> >>>   Last name: Bar
> >>>   Full name: Foo Bar
> >>>   Display name: Foo Bar
> >>>   Initials: FB
> >>>   Home directory: /home/apigee
> >>>   GECOS: Foo Bar
> >>>   Login shell: /bin/sh
> >>>   Kerberos principal: apigee@F21
> >>>   Email address: api...@f21.test
> >>>   UID: 1889400080
> >>>   GID: 1889400080
> >>>   Password: False
> >>>   Member of groups: ipausers
> >>>   Kerberos keys available: False
> >>>
> >>>
> >>> # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
> >>> SASL/GSSAPI authentication started
> >>> SASL username: admin@F21
> >>> SASL SSF: 56
> >>> SASL data security layer installed.
> >>> # extended LDIF
> >>> #
> >>> # LDAPv3
> >>> # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
> >>> # filter: (objectclass=*)
> >>> # requesting: uid ipaSshSigTimestamp
> >>> #
> >>>
> >>> # apigee, users, accounts, f21
> >>> dn: uid=apigee,cn=users,cn=accounts,dc=f21
> >>> uid: apigee
> >>> ipaSshSigTimestamp: barbar
> >>>
> >>> # search result
> >>> search: 4
> >>> result: 0 Success
> >>>
> >>> # numResponses: 2
> >>> # numEntries: 1
> >>>
> >>>
> >>>
> >>> BTW, did you read one of the very relevant upstream guides how to add custom
> >>> attributes to LDAP? It pretty much covers the procedure you are working on:
> >>>
> >>> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> >>>
> >>> Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
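
Added example, not part of the thread and not FreeIPA code: a filter that reads ldapsearch output for the users subtree and emits ldapmodify input adding the ApigeeUserAttr objectclass to entries created before it became a default user objectclass. The sample entries are constructed, and plain (non-base64) DNs are assumed.

```python
import sys
AUX_CLASS = "ApigeeUserAttr"  # auxiliary objectclass named in the thread

# Constructed sample of ldapsearch output; the last DN is folded, as LDIF allows.
SAMPLE_LDIF = """\
dn: uid=apigee,cn=users,cn=accounts,dc=f21
objectClass: ApigeeUserAttr

dn: uid=olduser,cn=users,cn=accounts,dc=f21
objectClass: posixaccount

dn: uid=averyveryverylongloginname,cn=users,cn=accounts,
 dc=f21
objectclass: apigeeuserattr
"""

def unfold(text):
    """Join LDIF continuation lines (they start with a single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entries(text):
    """Yield (dn, lower-cased objectClass values) for each LDIF entry."""
    dn, classes = None, set()
    for line in unfold(text) + [""]:  # trailing "" flushes the last entry
        name, sep, rest = line.partition(":")
        if not line.strip():          # a blank line ends the current entry
            if dn is not None:
                yield dn, classes
            dn, classes = None, set()
        elif sep and not line.startswith("#"):  # skip ldapsearch comments
            if name.lower() == "dn":
                dn = rest.strip()     # assumption: DN is not base64 ("dn::")
            elif name.lower() == "objectclass":
                classes.add(rest.strip().lower())  # names are case-insensitive

def backfill_ldif(text, aux_class=AUX_CLASS):
    """Return ldapmodify input adding aux_class to entries that lack it."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nadd: objectClass\nobjectClass: {aux_class}\n"
        for dn, classes in entries(text) if aux_class.lower() not in classes)

if __name__ == "__main__":
    print(backfill_ldif(SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()), end="")
```

Saved under a hypothetical name such as backfill.py, it can be fed from `ldapsearch -Y GSSAPI -b cn=users,cn=accounts,dc=f21 '(objectClass=posixaccount)' objectClass`, and its output reviewed before it is passed to ldapmodify.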