Ok the command you gave me worked. But I was following the PDF and below command never worked.
ipa config-mod --addattr=ipaUserObjectClasses=ApigeeUserAttr

Is that expected?

Thanks.
--Prashant

On 23 March 2015 at 17:37, Prashant Bapat <prash...@apigee.com> wrote:

> Martin,
>
> Thanks!
>
> Let me double check.
>
> Yes I was referring to the exact same pdf.
>
> Regards.
> --Prashant
>
> On 23 March 2015 at 16:49, Martin Kosek <mko...@redhat.com> wrote:
>
>> On 03/23/2015 10:19 AM, Prashant Bapat wrote:
>> > Hi,
>> >
>> > I'm trying to add a custom attribute to user object. Below is the ldif
>> > I'm using.
>> >
>> > dn: cn=schema
>> > changetype: modify
>> > add: attributeTypes
>> > attributeTypes: (2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
>> > DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch
>> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
>> > -
>> > add: objectclasses
>> > objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP
>> > top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
>> >
>> > This gets added successfully using the ldapmodify command as directory
>> > manager. But both the UI and the ipa config-mod commands refuse to add the
>> > new attribute to ipaUserObjectClasses with error objectclass not found.
>> >
>> > What am I doing wrong?
>>
>> Not sure yet, the schema above looks OK (except some typos). I tried it on my
>> VM, and it just worked:
>>
>> # ldapmodify -D "cn=Directory Manager" -x -w Secret123
>> ...
>> modifying entry "cn=schema"
>>
>> # ipa config-mod --userobjectclasses={ipaobject,person,top,ipasshuser,inetorgperson,organizationalperson,krbticketpolicyaux,krbprincipalaux,inetuser,posixaccount,ApigeeUserAttr}
>> ...
>>   Default user objectclasses: ipaobject, person, top, ipasshuser,
>>                               inetorgperson, organizationalperson,
>>                               krbticketpolicyaux, krbprincipalaux,
>>                               ApigeeUserAttr, inetuser,
>>                               posixaccount
>>
>> # ipa user-add apigee --first Foo --last Bar --setattr ipaSshSigTimestamp=barbar
>> -------------------
>> Added user "apigee"
>> -------------------
>>   User login: apigee
>>   First name: Foo
>>   Last name: Bar
>>   Full name: Foo Bar
>>   Display name: Foo Bar
>>   Initials: FB
>>   Home directory: /home/apigee
>>   GECOS: Foo Bar
>>   Login shell: /bin/sh
>>   Kerberos principal: apigee@F21
>>   Email address: api...@f21.test
>>   UID: 1889400080
>>   GID: 1889400080
>>   Password: False
>>   Member of groups: ipausers
>>   Kerberos keys available: False
>>
>> # ldapsearch -Y GSSAPI -b 'uid=apigee,cn=users,cn=accounts,dc=f21' uid ipaSshSigTimestamp
>> SASL/GSSAPI authentication started
>> SASL username: admin@F21
>> SASL SSF: 56
>> SASL data security layer installed.
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <uid=apigee,cn=users,cn=accounts,dc=f21> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: uid ipaSshSigTimestamp
>> #
>>
>> # apigee, users, accounts, f21
>> dn: uid=apigee,cn=users,cn=accounts,dc=f21
>> uid: apigee
>> ipaSshSigTimestamp: barbar
>>
>> # search result
>> search: 4
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> BTW, did you read one of the very relevant upstream guides how to add custom
>> attributes to LDAP? It pretty much covers the procedure you are working on:
>>
>> http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>>
>> Martin
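
Added example (not part of the original thread and not FreeIPA code): a pre-flight check for a schema LDIF like the one quoted above, run before `ldapmodify`. It reports duplicate OIDs and MAY/MUST attributes that are not defined, and builds the full list for the `--userobjectclasses` form that worked in the thread. The function names are hypothetical, the sample LDIF is constructed from the thread, and each definition is assumed to carry a single quoted NAME.

```python
import re

# Constructed sample: the schema change from the thread, using LDIF line
# folding (a continuation line starts with one space, which is dropped).
SAMPLE_LDIF = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.16.840.1.113730.3.8.11.31.1 NAME 'ipaSshSigTimestamp'
  DESC 'SSH public key signature and timestamp' EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'CUSTOM FREEIPA EXTENTION' )
-
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.8.11.31.2 NAME 'ApigeeUserAttr' SUP
  top AUXILIARY DESC 'CUSTOM FREEIPA EXTENTION' MAY ipaSshSigTimestamp )
"""

DEF = re.compile(r"^(attributeTypes|objectclasses):\s*\(\s*([\d.]+)\s+(.*)\)\s*$",
                 re.I | re.M)

def parse_schema(ldif):
    """Return ({attr_name: oid}, {class_name: (oid, [MAY/MUST attrs])})."""
    attrs, classes = {}, {}
    for kind, oid, body in DEF.findall(re.sub(r"\n ", "", ldif)):  # unfold first
        name = re.search(r"NAME\s+'([^']+)'", body).group(1)
        bare = re.sub(r"'[^']*'", "", body)  # drop quoted strings (DESC etc.)
        refs = []
        for grp in re.findall(r"\b(?:MAY|MUST)\s+(\([^)]*\)|\S+)", bare):
            refs += [a for a in re.split(r"[\s$()]+", grp) if a]
        if kind.lower() == "attributetypes":
            attrs[name] = oid
        else:
            classes[name] = (oid, refs)
    return attrs, classes

def problems(ldif, known_attrs=()):
    """List schema problems; known_attrs are attributes already on the server."""
    attrs, classes = parse_schema(ldif)
    known = {a.lower() for a in attrs} | {a.lower() for a in known_attrs}
    oids = list(attrs.values()) + [oid for oid, _ in classes.values()]
    out = [f"duplicate OID {o}" for o in sorted({o for o in oids if oids.count(o) > 1})]
    for cname, (_, refs) in classes.items():
        out += [f"{cname}: attribute {r} is not defined"
                for r in refs if r.lower() not in known]
    return out

def merged_objectclasses(current, new):
    """Full list for `ipa config-mod --userobjectclasses=`, case-insensitive."""
    seen = {c.lower() for c in current}
    return list(current) + [c for c in new if c.lower() not in seen]
```
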