Prashant Bapat wrote:
> Ok the command you gave me worked. But I was following the PDF and below
> command never worked.
>
> ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
>
> Is that expected ?

Did you restart httpd after adding the schema? A cached copy is used and
restarting will cause it to re-read the schema.

rob

>
> Thanks.
> --Prashant
>
>
> On 23 March 2015 at 17:37, Prashant Bapat <[email protected]> wrote:
>
>     Martin,
>
>     Thanks!
>
>     Let me double check.
>
>     Yes I was referring to the exact same pdf.
>
>     Regards.
>     --Prashant
>
>     On 23 March 2015 at 16:49, Martin Kosek <[email protected]> wrote:
>
>         On 03/23/2015 10:19 AM, Prashant Bapat wrote:
>         > Hi,
>         >
>         > I'm trying to add a custom attribute to user object. Below is the ldif i'm
>         > using.
>         >
>         > dn: cn=schema
>         > changetype: modify
>         > add: attributeTypes
>         > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
>         > DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch
>         > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
>         > -
>         > add: objectclasses
>         > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP
>         > top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
>         >
>         > This gets added successfully using the ldapmodify command as directory
>         > manager. But both the UI and the ipa config-mod commands refuse to add the
>         > new attribute to ipaUserObjectClasses with error objectclass not found.
>         >
>         > What I'm I doing wrong ?
>
>         Not sure yet, the schema above looks OK (except some typos). I tried it on my
>         VM, and it just worked:
>
>         # ldapmodify -D "cn=Directory Manager" -x -w Secret123
>         ...
>         modifying entry "cn=schema"
>
>         # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
>         ...
>           Default user objectclasses: ipaobject, person, top, ipasshuser,
>                                       inetorgperson, organizationalperson,
>                                       krbticketpolicyaux, krbprincipalaux,
>                                       ApigeeUserAttr, inetuser,
>                                       posixaccount
>
>
>         # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
>         -------------------
>         Added user "apigee"
>         -------------------
>           User login: apigee
>           First name: Foo
>           Last name: Bar
>           Full name: Foo Bar
>           Display name: Foo Bar
>           Initials: FB
>           Home directory: /home/apigee
>           GECOS: Foo Bar
>           Login shell: /bin/sh
>           Kerberos principal: apigee@F21
>           Email address: [email protected]
>           UID: 1889400080
>           GID: 1889400080
>           Password: False
>           Member of groups: ipausers
>           Kerberos keys available: False
>
>
>         # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
>         SASL/GSSAPI authentication started
>         SASL username: admin@F21
>         SASL SSF: 56
>         SASL data security layer installed.
>         # extended LDIF
>         #
>         # LDAPv3
>         # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
>         # filter: (objectclass=*)
>         # requesting: uid ipaSshSigTimestamp
>         #
>
>         # apigee, users, accounts, f21
>         dn: uid=apigee,cn=users,cn=accounts,dc=f21
>         uid: apigee
>         ipaSshSigTimestamp: barbar
>
>         # search result
>         search: 4
>         result: 0 Success
>
>         # numResponses: 2
>         # numEntries: 1
>
>
>
>         BTW, did you read one of the very relevant upstream guides how to add custom
>         attributes to LDAP? It pretty much covers the procedure you are working on:
>
>         http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
>         Martin
>
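The sequence discussed in this thread (confirm the objectclass is in the directory's schema, restart httpd so the cached schema is re-read, then run the `--addattr` command), written as an added example that is not part of the original messages. It assumes a valid admin Kerberos ticket and that httpd is managed by systemctl; the function names and `SAMPLE_SCHEMA` are constructed for illustration.

```shell
#!/bin/sh
# Added example: check-then-apply helper for a custom FreeIPA user objectclass.

# Constructed sample of unwrapped schema LDIF, using the definition from the thread.
SAMPLE_SCHEMA="dn: cn=schema
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn \$ cn ) )
objectClasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )"

# schema_has_objectclass NAME
# Reads unwrapped schema LDIF on stdin; succeeds if an objectClasses value
# declares NAME 'NAME' (or lists it inside NAME ( 'a' 'b' )).
# LDAP schema names are case-insensitive, hence grep -i.
schema_has_objectclass() {
    grep -Eiq "^objectclasses:.*[[:space:]]NAME[[:space:]]+(\([^)]*)?'$1'"
}

# add_user_objectclass NAME
# 1. Verify the directory server itself knows the objectclass.
# 2. Restart httpd so the IPA framework drops its cached schema copy.
# 3. Append the objectclass to the default user objectclasses.
add_user_objectclass() {
    oc=$1
    if ! ldapsearch -Y GSSAPI -LLL -o ldif-wrap=no -s base -b cn=schema objectClasses \
            | schema_has_objectclass "$oc"; then
        echo "objectclass $oc is not in cn=schema; load the schema LDIF first" >&2
        return 1
    fi
    systemctl restart httpd || return 1
    ipa config-mod --addattr="ipaUserObjectClasses=$oc"
}

# Usage on an IPA server, as root with an admin ticket:
#   add_user_objectclass ApigeeUserAttr
```

If step 1 fails, the problem is in the directory schema itself rather than in the cached copy, so restarting httpd would not help.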
