PingDirectory

Creating a new attribute over LDAP

The following sections demonstrate how to add a schema element over LDAP.

You can create your own schema file or type the schema from the command line.

Make sure you’re aware of text spacing and ASN.1 formatting.

Adding a new attribute to the schema over LDAP

Steps

  1. In a text editor, create an LDIF file with the new attribute definition.

    Example:

    In this example, the LDIF file is named myschema.ldif.

    dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( contractorStatus-OID NAME 'contractorStatus'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE
  USAGE userApplications
  X-ALLOWED-VALUES ( ’Y’ ’N’ ’y’ ’n’ )
  X-ORIGIN 'PingDirectory Server Example' )

  2. To add the attribute, run ldapmodify.

    Example:

    $ bin/ldapmodify --filename myschema.ldif

  3. To verify the addition, display the attribute using ldapsearch.

    $ bin/ldapsearch --baseDN cn=schema --searchScope base \
  --dontwrap "(objectclass=*)" attributeTypes | grep 'contractorStatus'

  4. To view the custom schema file, go to <server-root>/config/schema/99-user.ldif.

    Result:

    For this example, you see the following details:

    dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( contractorStatus-OID
  NAME 'contractorStatus'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE
  USAGE userApplications
  X-ORIGIN 'PingDirectory Server Example' )

Adding constraints to attribute types

About this task

The PingDirectory server provides attribute type extensions that constrain the values for the associated attribute using the DirectoryString attribute syntax.

To constrain the values for an attribute:

Steps

  • Use the DirectoryString attribute syntax.

    Example:

    The following example schema definition includes two attributeType definitions for myAttr1 and myAttr2:

    • The first definition constrains the values for the attribute myAttr1 to ’foo’, ’bar’, and ’baz’.

    • The second definition constrains the minimum allowable length for myAttr2 to 1 and the maximum allowable length to 5.

      attributeTypes: (1.2.3.4
  NAME ’myAttr1’
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-ALLOWED-VALUES ( ’foo’ ’bar’ ’baz’ ))
attributeTypes: ( 1.2.3.5
  NAME ’myAttr2’
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-MIN-VALUE-LENGTH ’1’
  X-MAX-VALUE-LENGTH ’5’ )