Hi,

I need an attribute to store password expiry date for the inetOrgPerson 
objectClass entries in my directory. Since I could not find this or a similar 
attribute in the existing set of schemas (including the ppolicy schema), I have 
tried to implement an extension in a custom local.schema:

objectclass ( 1.3.6.1.4.1.22280.1021.4.1 NAME 'x-sdids-enPortal'
        DESC 'Indicates that this entry has additional attributes used by enPortal.'
        AUXILIARY )
# The "MAY" directive below prevents slapd from starting, and is therefore commented out.
#        MAY 1.3.6.1.4.1.22280.1021.3.1 )

attributeType ( 1.3.6.1.4.1.22280.1021.3.1 NAME 'x-sdids-passwordExpirationTime'
        DESC 'TELUS defined password policy attribute type used by enPortal.'
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        SINGLE-VALUE
        USAGE userApplications )


I figured the best bet would be an auxiliary objectClass. After including the 
new local.schema file in the slapd.conf, and restarting slapd, I get an error 
when trying to add the new attribute value to an existing or new inetOrgPerson 
entry:

Oct  4 10:37:43 vmsdildap04 slapd[31176]: conn=1 op=22 MOD dn="[email protected],ou=CUSTOMER,ou=Users,dc=private,dc=sdi"
Oct  4 10:37:43 vmsdildap04 slapd[31176]: conn=1 op=22 MOD attr=x-sdids-passwordExpirationTime
Oct  4 10:37:43 vmsdildap04 slapd[31176]: Entry (uid=[email protected],ou=CUSTOMER,ou=Users,dc=private,dc=sdi), attribute 'x-sdids-passwordExpirationTime' not allowed
Oct  4 10:37:43 vmsdildap04 slapd[31176]: entry failed schema check: attribute 'x-sdids-passwordExpirationTime' not allowed
Oct  4 10:37:43 vmsdildap04 slapd[31176]: conn=1 op=22 RESULT tag=103 err=65 text=attribute 'x-sdids-passwordExpirationTime' not allowed

I believe this error 65, as per the OpenLDAP docs, is:

H.35. objectClassViolation (65)
Indicates that the entry violates object class restrictions.

The value I am specifying for the attribute is 20111004164129Z

I have also tried to first add an objectClass attribute value to an existing 
entry with value 'x-sdids-enPortal', and then add the 
'x-sdids-passwordExpirationTime' attribute value, with the same outcome.

Thanks,
Bryce Powell
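
Added example, not part of the original message: a local.schema ordering that slapd can load and that permits the attribute, reusing the OIDs and names from the post. It assumes the startup failure came from the object class referencing the attribute type before that type was defined; the DN in the trailing LDIF comment is a placeholder.

```conf
# local.schema (added example; OIDs and names are the ones from the post)
# slapd.conf reads schema definitions in order, so the attribute type is
# defined first and the object class that references it comes second.

attributetype ( 1.3.6.1.4.1.22280.1021.3.1
        NAME 'x-sdids-passwordExpirationTime'
        DESC 'TELUS defined password policy attribute type used by enPortal.'
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        SINGLE-VALUE
        USAGE userApplications )

# MAY sits inside the parentheses. With no MAY (or MUST) clause the class
# permits no attributes, and the schema check rejects the modify with
# err=65 "attribute 'x-sdids-passwordExpirationTime' not allowed".
objectclass ( 1.3.6.1.4.1.22280.1021.4.1
        NAME 'x-sdids-enPortal'
        DESC 'Indicates that this entry has additional attributes used by enPortal.'
        AUXILIARY
        MAY x-sdids-passwordExpirationTime )

# Matching LDIF for ldapmodify: the auxiliary class and the value are added
# in one modify operation, so the entry passes the schema check as a whole.
# The uid below is a placeholder.
#
#   dn: uid=<user>,ou=CUSTOMER,ou=Users,dc=private,dc=sdi
#   changetype: modify
#   add: objectClass
#   objectClass: x-sdids-enPortal
#   -
#   add: x-sdids-passwordExpirationTime
#   x-sdids-passwordExpirationTime: 20111004164129Z
```

After the restart, existing inetOrgPerson entries still need the x-sdids-enPortal value added to objectClass before the attribute is accepted.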
