Introduce custom schema to LDAP

LDAP implementations ship with a common, default set of attributes. Sometimes those attributes do not meet the user's requirements, so LDAP servers such as ApacheDS and OpenLDAP give you the flexibility and extensibility to define your own attributes, introduce them to the LDAP server instance, and use them as needed.

Object classes are defined within the schema. Attributes are also defined in the schema, and every attribute is included in one or more object classes.

According to the first way, there are also two ways to write an object class in LDIF.

Note: Here I'm going to explain the second way. There are several tutorials covering the first way; this is an alternative. In this way I changed the LDIF format. The characteristics and properties of attributes and object classes do not change.

Important: With this way, before you add an object class to the schema, its attributes must already exist in the schema. Next I will show how to define an attribute for an LDAP object class.

As an example, here are all the attributes of the wso2person object class. Later I'll show how to introduce this object class and its attributes to the LDAP server.

WSO2 Identity Server has its own LDAP schema. Here I am going to explain how to create a custom LDAP schema for WSO2 Identity Server.

When you add your object class to the LDAP schema, the attributes related to that object class must already exist. So add your object class's attributes to the LDAP schema before you add the object class itself.

Object class inheritance

Here, the superior class of wso2person is the inetOrgPerson object class. For example, if you want to create the whole WSO2 schema, you should take this inheritance into account.

Here the inheritance hierarchy looks like this.

identityPerson -> scimPerson -> wso2Person -> inetOrgPerson

Delete attributeTypes DN.

Here the WSO2 schema is created under the DN: cn=other,ou=schema

Before adding all the attributes, you should delete the DN: ou=attributeTypes,cn=other,ou=schema. This is shown in the figure below.

(If you want to add attributes without deleting the DN ou=attributeTypes,cn=other,ou=schema, you have to add each attribute one by one.)

Go to ou=attributeTypes, then right-click -> Delete Entry

Go to cn=other,ou=schema, then right-click -> Import -> LDIF Import

Go to ou=objectClasses,cn=other,ou=schema, then right-click -> Import -> LDIF Import

The inheritance hierarchy is like this.

identityPerson -> scimPerson -> wso2Person -> inetOrgPerson

So you should add all the object classes in the following order

Here I explained how to add the wso2person class. You can add the other two object classes the same way. In the second step I added the attributes of all the object classes at once, so the scimPerson and identityPerson attributes already exist in the schema.
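A pre-import check for the two ordering rules described above (attributes before object classes, superior classes before their subclasses), as an added example that is not part of the original post. It assumes ApacheDS-style schema entries with `m-name`, `m-supObjectClass`, `m-must` and `m-may`, trimmed to the fields the check reads; the OIDs, the `example...` attribute names and the `plan_import` helper are constructed for illustration.

```python
# Added example: OIDs and the "example..." attribute names are constructed placeholders.
SAMPLE_LDIF = """\
dn: m-oid=1.3.6.1.4.1.32473.2.3,ou=objectClasses,cn=other,ou=schema
m-name: identityPerson
m-supObjectClass: scimPerson
m-may: exampleAccountLocked

dn: m-oid=1.3.6.1.4.1.32473.2.2,ou=objectClasses,cn=other,ou=schema
m-name: scimPerson
m-supObjectClass: wso2Person

dn: m-oid=1.3.6.1.4.1.32473.2.1,ou=objectClasses,cn=other,ou=schema
m-name: wso2Person
m-supObjectClass: inetOrgPerson
m-may: exampleRole

dn: m-oid=1.3.6.1.4.1.32473.1.1,ou=attributeTypes,cn=other,ou=schema
m-name: exampleAccountLocked

dn: m-oid=1.3.6.1.4.1.32473.1.2,ou=attributeTypes,cn=other,ou=schema
m-name: exampleRole
"""

def plan_import(ldif, builtin=("top", "inetOrgPerson")):
    """Return (order in which to add the object classes, list of problems)."""
    attrs, pending = set(), {}
    for block in ldif.strip().split("\n\n"):
        e = {}
        for line in block.splitlines():
            key, _, val = line.partition(":")
            e.setdefault(key.strip().lower(), []).append(val.strip())
        if "ou=attributetypes," in e["dn"][0].lower():
            attrs.add(e["m-name"][0].lower())
        elif "ou=objectclasses," in e["dn"][0].lower():
            pending[e["m-name"][0]] = e
    known, order, problems = {b.lower() for b in builtin}, [], []
    while pending:
        ready = sorted(n for n, e in pending.items()
                       if all(s.lower() in known for s in e.get("m-supobjectclass", [])))
        if not ready:  # superior is neither in the file nor built in, or there is a cycle
            return order, problems + [f"superior not defined for {sorted(pending)}"]
        for n in ready:
            e = pending.pop(n)
            # Assumption: only attributes defined in this file count as present.
            missing = [a for a in e.get("m-must", []) + e.get("m-may", []) if a.lower() not in attrs]
            if missing:
                problems.append(f"{n}: attributes not in schema: {missing}")
            known.add(n.lower())
            order.append(n)
    return order, problems
```

For the sample, `plan_import(SAMPLE_LDIF)` returns the order wso2Person, scimPerson, identityPerson with no problems, even though the file lists the classes in the opposite order.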

Note: If you need to add these attributes and object classes without using the LDAP browser, you can use these commands from the console.

2. Add the wso2attributes file

3. Add the wso2person object class

4. Add the scimPerson object class

5. Add the identityPerson object class
