PingDirectory

Creating a new attribute over LDAP

The following sections demonstrate how to add a schema element over LDAP.

You can create your own schema file or type the schema from the command line.

Make sure you’re aware of text spacing and ASN.1 formatting.

Adding a new attribute to the schema over LDAP

Steps

  1. In a text editor, create an LDIF file with the new attribute definition.

    Example:

    In this example, the LDIF file is named myschema.ldif.

    dn: cn=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( contractorStatus-OID NAME 'contractorStatus'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE
      USAGE userApplications
      X-ALLOWED-VALUES ( 'Y' 'N' 'y' 'n' )
      X-ORIGIN 'PingDirectory Server Example' )
  2. To add the attribute, run ldapmodify.

    Example:

    $ bin/ldapmodify --filename myschema.ldif
  3. To verify the addition, display the attribute using ldapsearch.

    $ bin/ldapsearch --baseDN cn=schema --searchScope base \
      --dontwrap "(objectclass=*)" attributeTypes | grep 'contractorStatus'
  4. To view the custom schema file, go to <server-root>/config/schema/99-user.ldif.

    Result:

    For this example, you see the following details:

    dn: cn=schema
    objectClass: top
    objectClass: ldapSubentry
    objectClass: subschema
    cn: schema
    attributeTypes: ( contractorStatus-OID
      NAME 'contractorStatus'
      EQUALITY booleanMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE
      USAGE userApplications
      X-ORIGIN 'PingDirectory Server Example' )

Adding constraints to attribute types

About this task

The PingDirectory server provides attribute type extensions that constrain the values for the associated attribute using the DirectoryString attribute syntax.

To constrain the values for an attribute:

Steps

  • Use the DirectoryString attribute syntax.

    Example:

    The following example schema definition includes two attributeType definitions for myAttr1 and myAttr2:

    • The first definition constrains the values for the attribute myAttr1 to 'foo', 'bar', and 'baz'.

    • The second definition constrains the minimum allowable length for myAttr2 to 1 and the maximum allowable length to 5.

      attributeTypes: ( 1.2.3.4
        NAME 'myAttr1'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        X-ALLOWED-VALUES ( 'foo' 'bar' 'baz' ) )
      attributeTypes: ( 1.2.3.5
        NAME 'myAttr2'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        X-MIN-VALUE-LENGTH '1'
        X-MAX-VALUE-LENGTH '5' )
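
The following pre-flight check is an added example, not part of the PingDirectory documentation or tooling. It unfolds a schema LDIF, flags the quoting and spacing mistakes the page warns about, and reads the X-ALLOWED-VALUES and length extensions so a client can approximate the constraint before writing. The function names, the sample LDIF, and the exact-match and character-count semantics are assumptions; the server remains the authority on what it accepts.

```python
import re

# Constructed sample: this page's myAttr1/myAttr2 definitions, folded per LDIF rules.
SAMPLE_LDIF = """dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.2.3.4 NAME 'myAttr1'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-ALLOWED-VALUES ( 'foo' 'bar' 'baz' ) )
attributeTypes: ( 1.2.3.5 NAME 'myAttr2'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-MIN-VALUE-LENGTH '1'
  X-MAX-VALUE-LENGTH '5' )
"""

def attribute_types(ldif):
    """Unfold continuation lines and return each attributeTypes value."""
    unfolded = re.sub(r"\r?\n ", "", ldif)
    return [line.split(":", 1)[1].strip() for line in unfolded.splitlines()
            if line.lower().startswith("attributetypes:")]

def lint(defn):
    """Return the quoting and spacing problems found in one definition."""
    problems = []
    if re.search("[\u2018\u2019\u201c\u201d]", defn):
        problems.append("typographic quote")
    bare = re.sub(r"'[^']*'", "''", defn)  # ignore parentheses inside quoted strings
    if bare.count("(") != bare.count(")"):
        problems.append("unbalanced parentheses")
    if not re.search(r"\sNAME\s+'[^']+'", defn):
        problems.append("missing or unquoted NAME")
    return problems

def constraints(defn):
    """Read the constraint extensions (parenthesised X-ALLOWED-VALUES form only)."""
    allowed = re.search(r"X-ALLOWED-VALUES\s+\(([^)]*)\)", defn)
    def num(ext):
        m = re.search(ext + r"\s+'(\d+)'", defn)
        return int(m.group(1)) if m else None
    return {"allowed": re.findall(r"'([^']*)'", allowed.group(1)) if allowed else None,
            "min_len": num("X-MIN-VALUE-LENGTH"), "max_len": num("X-MAX-VALUE-LENGTH")}

def value_ok(defn, value):
    """Approximate the check client-side (assumes exact match, length in characters)."""
    c = constraints(defn)
    if c["allowed"] is not None and value not in c["allowed"]:
        return False
    lo, hi = c["min_len"] or 0, c["max_len"]
    return len(value) >= lo and (hi is None or len(value) <= hi)
```

Running lint() over a definition pasted from a word processor or web page catches typographic quotes before ldapmodify is invoked.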