[Systems] How to add an LDAP attribute? (was: Re: OpenID account at id.sugarlabs.org)

Sascha Silbe sascha-ml-reply-to-2010-2 at silbe.org
Sat Sep 4 15:37:24 EDT 2010


Excerpts from Bernie Innocenti's message of Sat Sep 04 00:23:59 +0200 2010:

> Your OpenID will be something like https://id.sugarlabs.org/USERNAME
> Use your account password to log in.
I've copied the code to ssl-test.sugarlabs.org and hacked it to allow
using a public key from a client certificate to authenticate (falling
back to the usual password prompt). Was easier than I expected (I don't
speak PHP and had to look everything up), but now I'm stuck on the LDAP
side:

Because LDAP seems to be strictly typed, I need to add the new attribute
to a/the? schema. Per [1] I've created
/etc/ldap/schema/tls-public-key.schema with the following content:

=== Begin ===
# Author: Sascha Silbe <sascha-pgp at silbe.org>
# temporarily using OID from OpenLDAP 'experimental' namespace
# http://www.openldap.org/faq/data/cache/200.html
attributetype ( 1.3.6.1.4.1.4203.666.1.7843 NAME 'tls-public-key'
        DESC 'Public key used for authenticating TLS sessions, ASCII armored'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )
=== End ===

Next step would be to let slapd know about this new file. Both [1] and
[2] tell me to edit /etc/openldap/slapd.conf below the other schema file
include. But on sunjammer that file doesn't exist and none of the other
files that look LDAP-related contains any "include" line.

So what do I need to do so I can add the tls-public-key attribute on my
user account ("uid=silbe,ou=People,dc=sugarlabs,dc=org")?

Sascha

[1] http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-DefineObjectsAndAttributes.html
[2] http://www.openldap.org/doc/admin24/schema.html
--
http://sascha.silbe.org/
http://www.infra-silbe.de/