Hi Rob,

Yes I did restart it.

Ok another problem. I'm not able to add this attr to existing users. Only the new ones. Any pointers?

Thanks.
--Prashant

On 23 March 2015 at 21:19, Rob Crittenden <[email protected]> wrote:

> Prashant Bapat wrote:
> > Ok the command you gave me worked. But I was following the PDF and below
> > command never worked.
> >
> > ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr
> >
> > Is that expected?
>
> Did you restart httpd after adding the schema? A cached copy is used and
> restarting will cause it to re-read the schema.
>
> rob
>
> >
> > Thanks.
> > --Prashant
> >
> > On 23 March 2015 at 17:37, Prashant Bapat <[email protected]> wrote:
> >
> > Martin,
> >
> > Thanks!
> >
> > Let me double check.
> >
> > Yes I was referring to the exact same pdf.
> >
> > Regards.
> > --Prashant
> >
> > On 23 March 2015 at 16:49, Martin Kosek <[email protected]> wrote:
> >
> > On 03/23/2015 10:19 AM, Prashant Bapat wrote:
> > > Hi,
> > >
> > > I'm trying to add a custom attribute to user object. Below is the LDIF I'm
> > > using.
> > >
> > > dn: cn=schema
> > > changetype: modify
> > > add: attributeTypes
> > > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp' DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
> > > -
> > > add: objectclasses
> > > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
> > >
> > > This gets added successfully using the ldapmodify command as directory
> > > manager. But both the UI and the ipa config-mod commands refuse to add the
> > > new attribute to ipaUserObjectClasses with error objectclass not found.
> > >
> > > What am I doing wrong?
> >
> > Not sure yet, the schema above looks OK (except some typos). I tried it on my
> > VM, and it just worked:
> >
> > # ldapmodify -D "cn=Directory Manager" -x -w Secret123
> > ...
> > modifying entry "cn=schema"
> >
> > # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
> > ...
> >   Default user objectclasses: ipaobject, person, top, ipasshuser, inetorgperson, organizationalperson, krbticketpolicyaux, krbprincipalaux, ApigeeUserAttr, inetuser, posixaccount
> >
> > # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
> > -------------------
> > Added user "apigee"
> > -------------------
> >   User login: apigee
> >   First name: Foo
> >   Last name: Bar
> >   Full name: Foo Bar
> >   Display name: Foo Bar
> >   Initials: FB
> >   Home directory: /home/apigee
> >   GECOS: Foo Bar
> >   Login shell: /bin/sh
> >   Kerberos principal: apigee@F21
> >   Email address: [email protected]
> >   UID: 1889400080
> >   GID: 1889400080
> >   Password: False
> >   Member of groups: ipausers
> >   Kerberos keys available: False
> >
> > # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
> > SASL/GSSAPI authentication started
> > SASL username: admin@F21
> > SASL SSF: 56
> > SASL data security layer installed.
> > # extended LDIF
> > #
> > # LDAPv3
> > # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
> > # filter: (objectclass=*)
> > # requesting: uid ipaSshSigTimestamp
> > #
> >
> > # apigee, users, accounts, f21
> > dn: uid=apigee,cn=users,cn=accounts,dc=f21
> > uid: apigee
> > ipaSshSigTimestamp: barbar
> >
> > # search result
> > search: 4
> > result: 0 Success
> >
> > # numResponses: 2
> > # numEntries: 1
> >
> > BTW, did you read one of the very relevant upstream guides on how to add custom
> > attributes to LDAP? It pretty much covers the procedure you are working on:
> >
> > http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
> >
> > Martin
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
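
On the existing-users question at the top of the thread, an added example (not part of the thread and not FreeIPA code): the quoted output lists `ApigeeUserAttr` under "Default user objectclasses", and an attribute permitted only by an auxiliary class can be set only on entries that carry that class. Assuming that is why existing users reject `ipaSshSigTimestamp` (the thread does not confirm it), this Python code reads constructed `ldapsearch` output and builds `ldapmodify` input that adds the class only where it is missing; the function names are hypothetical.

```python
AUX_CLASS = "ApigeeUserAttr"  # auxiliary class defined in the thread's schema LDIF

# Constructed sample of `ldapsearch ... objectClass` output (not from the thread).
SAMPLE_LDIF = """\
dn: uid=apigee,cn=users,cn=accounts,dc=f21
objectClass: posixaccount
objectClass: apigeeuserattr

dn: uid=olduser,cn=users,cn=accounts,dc=f21
objectClass: posixaccount

dn: uid=longname,cn=users,cn=accoun
 ts,dc=f21
objectClass: posixaccount
"""


def parse_entries(ldif_text):
    """Return [(dn_line, {lowercased objectClass values})] from LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continue the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn_line, classes = [], None, set()
    for line in lines + [""]:               # trailing "" flushes the last entry
        name, _, value = line.partition(":")
        if not line.strip():                # blank line ends an entry
            if dn_line is not None:
                entries.append((dn_line, classes))
            dn_line, classes = None, set()
        elif name.lower() == "dn":
            dn_line = line                  # kept verbatim, so "dn:: <base64>" survives
        elif name.lower() == "objectclass": # names are case-insensitive in LDAP
            classes.add(value.strip().lower())
    return entries                          # comments and other attributes are ignored


def build_modify_ldif(ldif_text, aux_class=AUX_CLASS):
    """Emit ldapmodify input adding aux_class only to entries that lack it."""
    return "\n".join(
        f"{dn_line}\nchangetype: modify\nadd: objectClass\nobjectClass: {aux_class}\n"
        for dn_line, classes in parse_entries(ldif_text)
        if aux_class.lower() not in classes)


if __name__ == "__main__":
    print(build_modify_ldif(SAMPLE_LDIF))
```

Skipping entries that already have the class keeps the generated change from failing on a duplicate value, so the output can be reviewed and applied in one pass.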
