Hi, I am going to migrate an existing environment to FreeIPA 4.5. The current LDAP has a few site-specific attributes and I have been trying to figure out how I add these in an easy was that also keeps them when upgrading etc. I was thinking that making them optional would allow us to ad them without expanding the IPA web-interface. But which is the best way to place the additional LDIF file for extending the schema, I have read different location and some documentation point to using ldapmodify directly and most of the stuff I find regarding this is from 2014 or earlier so I’m unsure if it’s still relevant. I would like to add something like this to all users: dn: cn=schema changetype: modify add: attributetypes attributeTypes: ( OurUserType-oid NAME 'OurUserType' DESC 'Specifies account type: user / sys' SYNTAX IA5String SINGLE-VALUE ) attributeTypes: ( OurSysOwner-oid NAME 'OurSysOwner' DESC 'Owner of Sys account / Roles' SYNTAX IA5String SINGLE-VALUE ) - add: objectclasses objectclasses: ( ourUserSpec-oid NAME 'ourUserSpec' SUP top AUXILIARY DESC 'Holds user-specific attr' MAY ( ourUserType $ OurSysOwner  ) ) Should this be located under /usr/share/ipa/updates, /usr/share/ipa/schema.d or should it be added in some other place? I want to be able to set the attributes while creating users, user-add … —setattr ourUserType=“usertype1” ….