
I installed OPENLDAP 2.4.44 on CentOS 7.

Now I need to set some attributes as required. Is that possible? I need all users to have these attributes required:

- givenName
- sn
- cn
- userPassword
- displayName
- o

How can I do this?

Alex Kulinkovich

2 Answers


I need all users to have these attributes required:

givenName, sn, cn, userPassword, displayName, o

The relevant information in the subschema is the object class definition (see RFC 4512). So the first question is which object classes you're using for the entries.

First of all: Don't muck with any standard object class definitions!

Furthermore learn about structural vs. auxiliary object classes.

Basically you have two options:

  1. Define your own custom object class(es) derived from standard object classes, adding attributes to the MUST declaration as needed.
  2. Add a DIT content rule for the structural object class with MUST declaration as needed. DIT content rules also have AUX to define the auxiliary object classes usable along with this structural object class, and MAY and NOT to define the optional attributes.

The first solution is better most of the time because most schema-aware LDAP clients do not understand DIT content rules. Personally I often use a combination of both, especially with NOT in DIT content rules to exclude attributes which should never be added.

As a more complex example you can have a look at how the schema is defined for Æ-DIR using the OpenLDAP static config method (aka slapd.conf):
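As an added example (not from the answer above and not Æ-DIR's schema), here is what both options look like as cn=config LDIF for OpenLDAP 2.4, assuming the user entries use the standard inetOrgPerson structural class. The OID arc 1.3.6.1.4.1.99999 and the names requiredperson, requiredPerson and inetOrgPersonRequired are placeholders I made up; replace the arc with your own registered enterprise OID.

```ldif
# Added example, not from the original answer. Assumes user entries are
# inetOrgPerson and that slapd runs with cn=config (the CentOS 7 default).
# 1.3.6.1.4.1.99999 is a PLACEHOLDER OID arc, not a registered one.
dn: cn=requiredperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: requiredperson
#
# Option 1: a custom structural class derived from inetOrgPerson that moves
# the six attributes from MAY to MUST. cn and sn are already MUST through
# person; repeating them is harmless and documents the intent. New entries
# must be created with objectClass: requiredPerson (they remain
# inetOrgPerson for searches, since requiredPerson is a subclass). slapd
# refuses to change the structural class of an existing entry in place, so
# existing inetOrgPerson entries cannot simply be switched over.
olcObjectClasses: ( 1.3.6.1.4.1.99999.1.2.1
  NAME 'requiredPerson'
  DESC 'inetOrgPerson with givenName sn cn userPassword displayName o required'
  SUP inetOrgPerson STRUCTURAL
  MUST ( givenName $ sn $ cn $ userPassword $ displayName $ o ) )
#
# Option 2: a DIT content rule. It is keyed on the OID of the structural
# class it governs (inetOrgPerson = 2.16.840.1.113730.3.2.2) and applies to
# every inetOrgPerson entry without touching their objectClass values.
# MUST adds the required attributes; NOT precludes an optional attribute
# that should never be stored on these entries. Existing entries that lack
# a MUST attribute will be rejected on their next modification.
olcDitContentRules: ( 2.16.840.1.113730.3.2.2
  NAME 'inetOrgPersonRequired'
  MUST ( givenName $ userPassword $ displayName $ o )
  NOT ( homePostalAddress ) )
```

Load it on the server with `ldapadd -Y EXTERNAL -H ldapi:/// -f requiredperson.ldif`; an add or modify that violates either rule then fails with objectClassViolation, which is the check you want in place before enrolling users.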


Thank you so much for your reply.

Could you send me the example or the guide (step-by-step) link? My skills on OpenLDAP are not strong.

Thanks, Marco