I am trying to add an entryUUID field to groups in the FreeIPA compat schema, but I am struggling to create the required attributeType. My LDIF for creating it is:
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( entryUUID-oid
NAME 'entryUUID'
DESC 'UUID of the entry'
EQUALITY uuidMatch
ORDERING uuidOrderingMatch
SYNTAX 1.3.6.1.1.16.1
SINGLE-VALUE )
This is based on the specification from RFC4530, except with the USAGE directoryOperation and NO-USER-MODIFICATION lines removed. These need to be removed because the compat schema doesn't support operational attributes (I think). The error I get is as follows:
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
additional info: attribute type entryUUID: Unknown attribute syntax OID "1.3.6.1.1.16.1"
I don't think this makes much sense at all, since OID 1.3.6.1.1.16.1 should be built in, right? Obviously my next course of action was to try and redefine the syntax with a different OID, but there is no documentation of how to do that anywhere, so I suspect it's not possible. I then tried removing the SYNTAX line (not allowed), and setting the syntax to "domain string" (can't use the uuidMatch equality).
In case this is an XY problem, I'm doing this in order to get vSphere to link up with FreeIPA, since vSphere requires a entryUUID field.
To summarise:
- How do I correctly add a custom UUID attribute to the
compatschema? - Do I even need to?
