[Systems] How to add an LDAP attribute? (was: Re: OpenID account at id.sugarlabs.org)

Bernie Innocenti bernie at codewiz.org
Sun Sep 5 16:02:14 EDT 2010

On Sat, 04-09-2010 at 21:37 +0200, Sascha Silbe wrote:
> Because LDAP seems to be strictly typed, I need to add the new attribute
> to a/the? schema. Per [1] I've created
> /etc/ldap/schema/tls-public-key.schema with the following content:
> === Begin ===
> # Author: Sascha Silbe <sascha-pgp at silbe.org>
> # temporarily using OID from OpenLDAP 'experimental' namespace
> # http://www.openldap.org/faq/data/cache/200.html
> attributetype ( NAME 'tls-public-key'
>         DESC 'Public key used for authenticating TLS sessions, ASCII armored'
>         SYNTAX
>         SINGLE-VALUE )
> === End ===

Many years ago, I requested and obtained an OID for Develer at IANA. We
could do the same for Sugar Labs as well, or ask the sysadmins at
Develer to reserve a sub-OID for us.

> Next step would be to let slapd know about this new file. Both [1] and
> [2] tell me to edit /etc/openldap/slapd.conf below the other schema file
> include. But on sunjammer that file doesn't exist and none of the other
> files that look LDAP-related contains any "include" line.
> So what do I need to do so I can add the tls-public-key attribute on
> my user account ("uid=silbe,ou=People,dc=sugarlabs,dc=org")?

Ubuntu by default switched from slapd.conf to an ldif configuration file
format which is obscure and undocumented. The configuration is scattered
in a hierarchical tree under /etc/ldap/slapd.d/. Schemas appear to be in
/etc/ldap/slapd.d/cn=config/cn=schema/, already converted to ldif.

(When I can't figure out the corresponding ldif syntax, I create a
fake slapd.conf and make slapd migrate it to ldif by passing it both -f
and -F.)

   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/
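The conversion Bernie describes, done by hand instead of via a fake slapd.conf, as an added example that is not part of this thread: it turns a slapd.conf-style schema file into the cn=config LDIF entry that ldapadd expects, and refuses definitions that lack the numeric OID or SYNTAX OID that slapd requires (both are missing from the quoted snippet). The attribute OID 1.3.6.1.4.1.4203.666.1.9999 is a made-up placeholder under OpenLDAP's experimental arc, and the IA5 String syntax OID is my assumption.

```python
"""Convert a slapd.conf-style schema file into a cn=config LDIF entry and
sanity-check each attributetype before it is loaded into slapd."""
import re

# Constructed sample: the quoted schema with a placeholder OID filled in
# (1.3.6.1.4.1.4203.666 is OpenLDAP's experimental arc; .1.9999 is made up)
# and the IA5 String syntax OID, which the quoted snippet left out.
SAMPLE_SCHEMA = """\
# Author: Sascha Silbe <sascha-pgp at silbe.org>
# temporarily using OID from OpenLDAP 'experimental' namespace
attributetype ( 1.3.6.1.4.1.4203.666.1.9999 NAME 'tls-public-key'
        DESC 'Public key used for authenticating TLS sessions, ASCII armored'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )
"""

OID_RE = re.compile(r"^\d+(\.\d+)+$")

def parse_definitions(text):
    """Yield (keyword, body) for each attributetype/objectclass block.
    Comment lines are dropped, continuation lines joined, and nested
    parentheses (NAME ( 'a' 'b' ), MUST ( cn $ sn )) are balanced."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    joined = " ".join(ln.strip() for ln in lines)
    for m in re.finditer(r"\b(attributetype|objectclass)\s*\(", joined, re.I):
        depth, start = 1, m.end()
        i = start
        while depth and i < len(joined):
            depth += {"(": 1, ")": -1}.get(joined[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced parentheses in schema definition")
        yield m.group(1).lower(), " ".join(joined[start:i - 1].split())

def check_attributetype(body):
    """Return the problems slapd would reject this definition for."""
    tokens = body.split()
    problems = []
    if not tokens or not OID_RE.match(tokens[0]):
        problems.append("missing numeric OID before NAME")
    if "NAME" not in tokens:
        problems.append("missing NAME")
    if "SYNTAX" in tokens:
        i = tokens.index("SYNTAX")  # syntax OID may carry a {len} suffix
        if i + 1 >= len(tokens) or not OID_RE.match(tokens[i + 1].split("{")[0]):
            problems.append("SYNTAX has no syntax OID")
    else:
        problems.append("missing SYNTAX")
    return problems

def schema_to_ldif(text, name):
    """Build the cn=config entry for ldapadd; raise on a malformed definition."""
    out = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    for kind, body in parse_definitions(text):
        if kind == "attributetype":
            problems = check_attributetype(body)
            if problems:
                raise ValueError(f"{name}: {'; '.join(problems)}")
            out.append(f"olcAttributeTypes: ( {body} )")
        else:
            out.append(f"olcObjectClasses: ( {body} )")
    return "\n".join(out) + "\n"
```

The resulting file is loaded with `ldapadd -Y EXTERNAL -H ldapi:/// -f tls-public-key.ldif` as root on the server; once it is in, the attribute still has to be allowed by an objectClass on the user entry before it can be set.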
