--- title: Creating a new attribute over LDAP description: The following sections demonstrate how to add a schema element over LDAP. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_create_attr_ldap canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_create_attr_ldap.html revdate: September 13, 2023 page_aliases: ["pd_ds_ldap_new_schema_attribute.adoc", "pd_ds_add_constraints_attribute_types.adoc"] section_ids: adding-a-new-attribute-to-the-schema-over-ldap: Adding a new attribute to the schema over LDAP steps: Steps example: Example: example-2: Example: result: Result: adding-constraints-to-attribute-types: Adding constraints to attribute types about-this-task: About this task steps-2: Steps example-3: Example: --- # Creating a new attribute over LDAP The following sections demonstrate how to add a schema element over LDAP. You can create your own schema file or type the schema from the command line. | | | | - | ------------------------------------------------------------ | | | Make sure you're aware of text spacing and ASN.1 formatting. | ## Adding a new attribute to the schema over LDAP ### Steps 1. In a text editor, create an LDIF file with the new attribute definition. #### Example: In this example, the LDIF file is named `myschema.ldif`. ``` dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( contractorStatus-OID NAME 'contractorStatus' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE userApplications X-ALLOWED-VALUES ( 'Y' 'N' 'y' 'n' ) X-ORIGIN 'PingDirectory Server Example' ) ``` 2. To add the attribute, run `ldapmodify`. #### Example: ```shell $ bin/ldapmodify --filename myschema.ldif ``` 3. To verify the addition, display the attribute using `ldapsearch`. ```shell $ bin/ldapsearch --baseDN cn=schema --searchScope base \ --dontwrap "(objectclass=*)" attributeTypes | grep 'contractorStatus' ``` 4. To view the custom schema file, go to `/config/schema/99-user.ldif`. #### Result: For this example, you see the following details: ``` dn: cn=schema objectClass: top objectClass: ldapSubentry objectClass: subschema cn: schema attributeTypes: ( contractorStatus-OID NAME 'contractorStatus' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE userApplications X-ORIGIN 'PingDirectory Server Example' ) ``` ## Adding constraints to attribute types ### About this task The PingDirectory server provides attribute type extensions that constrain the values for the associated attribute using the `DirectoryString` attribute syntax. To constrain the values for an attribute: ### Steps * Use the `DirectoryString` attribute syntax. #### Example: The following example schema definition includes two `attributeType` definitions for `myAttr1` and `myAttr2`: * The first definition constrains the values for the attribute `myAttr1` to `'foo'`, `'bar'`, and `'baz'`. * The second definition constrains the minimum allowable length for `myAttr2` to `1` and the maximum allowable length to `5`. ``` attributeTypes: (1.2.3.4 NAME 'myAttr1' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ALLOWED-VALUES ( 'foo' 'bar' 'baz' )) attributeTypes: ( 1.2.3.5 NAME 'myAttr2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-MIN-VALUE-LENGTH '1' X-MAX-VALUE-LENGTH '5' ) ```