I am going to migrate an existing environment to FreeIPA 4.5. The current LDAP has a few
site-specific attributes and I have been trying to figure out how I add these in an easy
way that also keeps them when upgrading etc.
I was thinking that making them optional would allow us to add them without expanding the
IPA web-interface. But which is the best way to place the additional LDIF file for
extending the schema? I have read about different locations, and some documentation points to using
ldapmodify directly, and most of the stuff I find regarding this is from 2014 or earlier, so
I’m unsure if it’s still relevant.
I would like to add something like this to all users:
attributeTypes: ( OurUserType-oid NAME 'OurUserType' DESC 'Specifies account type: user / sys' SYNTAX IA5String SINGLE-VALUE )
attributeTypes: ( OurSysOwner-oid NAME 'OurSysOwner' DESC 'Owner of Sys account / Roles' SYNTAX IA5String SINGLE-VALUE )
objectclasses: ( ourUserSpec-oid NAME 'ourUserSpec' SUP top AUXILIARY DESC 'Holds user-specific attr' MAY ( ourUserType $ OurSysOwner ) )
Should this be located under /usr/share/ipa/updates, /usr/share/ipa/schema.d or should it
be added in some other place?
I want to be able to set the attributes while creating users, user-add … --setattr