I understand the reasons behind it, but I have to say that the docs are pretty scarce and any newbie has a pretty steep learning curve ahead, especially if used to the old way of configuring LDAP.

The configuration is now in LDIF format and it follows a pretty logical scheme, which is clearly shown in the picture (not reproduced here): the /etc/ldap/slapd.d directory is all your LDAP server knows about; all the rest in /etc/ldap is not really that interesting.

Anyway, you are here to read something else, I know. I could not honestly find a straight answer to the question which gives the title to this post, even though there are a lot of places that contain bits of info; as usual, the amount of work needed to get everything in place is still considerable. That's why I am writing this post.

[UPDATE: just found this which is pretty close to what I needed.]
I will start with a practical real-life example: adding the sshPublicKey schema from the openssh-lpk patch (openssh-ldappubkey) to your LDAP server. [I am basing my example on a Debian Squeeze installation]

Now, in /etc/ldap/schema/ you will find a lot of .schema files, and that is where you will start to get confused... so forget the schema files already in there. Copy and paste the openssh-lpk_openldap.schema into the /etc/ldap/schema/ directory (just to keep them happy together):

    #
    # LDAP Public Key Patch schema for use with openssh-ldappubkey
    # Author: Eric AUGE <eau@phear.org>
    #
    # Based on the proposal of : Mark Ruijter
    #

    # octetString SYNTAX
    attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
        DESC 'MANDATORY: OpenSSH Public key'
        EQUALITY octetStringMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

    # printableString SYNTAX yes|no
    objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
        DESC 'MANDATORY: OpenSSH LPK objectclass'
        MAY ( sshPublicKey $ uid )
        )

One thing worth keeping in mind before loading this: whoever can write sshPublicKey on a user's entry can log in as that user over SSH wherever openssh-lpk is in use, so the olcAccess rules on that attribute deserve the same care as the ones on userPassword.
Create a tmp directory, e.g. /tmp/ldapstuff, and create a dummy file there called for instance slapd.conf which simply has this line:

    include /etc/ldap/schema/openssh-lpk_openldap.schema

Run

    cd /tmp/ldapstuff && slaptest -f slapd.conf -F .

This will create in place a dir called cn=config and a file cn=config.ldif. Run

    cd cn=config/cn=schema && vim cn={0}openssh-lpk_openldap.ldif

The only things that need to stay in that file are the following attributes (each with its continuation lines, the ones starting with a single space):

    dn:
    cn:
    objectClass:
    olcAttributeTypes:
    olcObjectClasses:

So remove everything else: the "DO NOT EDIT" comment header and the operational attributes slaptest writes (structuralObjectClass, entryUUID, creatorsName, createTimestamp, entryCSN, modifiersName, modifyTimestamp), which ldapadd will refuse because they are not user-modifiable. Then edit dn and cn. This is a schema, so it will need to live under cn=schema,cn=config in the LDAP tree; the result should be

    dn: cn=openssh-lpk_openldap,cn=schema,cn=config
    cn: openssh-lpk_openldap

(leaving out the {0} index lets slapd assign the next free one when the entry is added).

Now you are ready to add this to your LDAP server:

    ldapadd -D cn=admin,cn=config -W -f /tmp/ldapstuff/cn=config/cn=schema/cn={0}openssh-lpk_openldap.ldif

This simple bind only works if your cn=config database has an olcRootPW set. On a stock Debian/Ubuntu slapd it has an olcRootDN but no olcRootPW, and you get "ldap_bind: Invalid credentials (49)"; in that case either set an olcRootPW, or bind as local root over the ldapi socket, which the default olcAccess of the config database allows:

    ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ldapstuff/cn=config/cn=schema/cn={0}openssh-lpk_openldap.ldif

That's it; you can verify that it's really there by

    ldapsearch -xLLL -D cn=admin,cn=config -W -b cn=config 'cn=*ssh*'

(or again with -Y EXTERNAL -H ldapi:/// in place of -x -D cn=admin,cn=config -W). This should give you some result. This is pretty much applicable to any other schema.
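The whole procedure above, scripted, as an added example that is not part of the original post: the cleanup of the slaptest output is done by a small awk/sed filter instead of by hand, so it can be reused for any schema, and the entry is loaded as local root over ldapi:/// (the Debian default that works without an olcRootPW). The function names, the reuse of /tmp/ldapstuff, and the sample LDIF (constructed here, modelled on what slaptest writes for the LPK schema) are this example's own assumptions; the slaptest/ldapadd/ldapsearch steps need a slapd install and root, the cleanup filter does not.

```shell
#!/bin/sh
# Added example (not from the original post): convert a .schema file into a
# cn=config-ready LDIF the way the post does by hand, then load and verify it.
# Assumptions: slaptest/ldapadd/ldapsearch installed, run as root on a
# Debian-style slapd whose cn=config accepts SASL EXTERNAL over ldapi:///.
set -eu

# Keep only the attributes the post says must stay (dn, cn, objectClass,
# olcAttributeTypes, olcObjectClasses) plus their LDIF continuation lines
# (which start with a single space); drop the "DO NOT EDIT" comment header
# and the operational attributes slaptest writes (entryUUID, entryCSN,
# creatorsName, ... are not user-modifiable and make ldapadd fail); and move
# the entry from cn={0}NAME to cn=NAME,cn=schema,cn=config so slapd assigns
# the next free index itself. Reads stdin, writes stdout.
clean_schema_ldif() {
    awk '
        /^#/ { next }
        /^ / { if (keep) print; next }
        {
            keep = ($1 ~ /^(dn|cn|objectClass|olcAttributeTypes|olcObjectClasses):$/)
            if (keep) print
        }' \
    | sed -e 's/^dn: cn={[0-9]*}\(.*\)$/dn: cn=\1,cn=schema,cn=config/' \
          -e 's/^cn: {[0-9]*}\(.*\)$/cn: \1/'
}

# Run slaptest on a throwaway slapd.conf that only includes the schema and
# clean up the single cn={0}*.ldif it produces. $1 = schema path, $2 = output.
convert_schema() {
    workdir=$(mktemp -d)
    printf 'include %s\n' "$1" > "$workdir/slapd.conf"
    slaptest -f "$workdir/slapd.conf" -F "$workdir" >/dev/null
    clean_schema_ldif < "$workdir"/cn=config/cn=schema/cn=\{0\}*.ldif > "$2"
    rm -rf "$workdir"
}

# Constructed sample (not real slaptest output), shaped like what slaptest
# writes for the LPK schema, so the cleanup can be exercised without slapd.
sample_slaptest_ldif() {
    cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: cn={0}openssh-lpk_openldap
objectClass: olcSchemaConfig
cn: {0}openssh-lpk_openldap
olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DESC
  'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.
 1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
  'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $ uid ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-1000-8000-000000000000
creatorsName: cn=config
createTimestamp: 20120101000000Z
entryCSN: 20120101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120101000000Z
EOF
}

# Usage: sh add_schema.sh /etc/ldap/schema/openssh-lpk_openldap.schema
# (with no argument only the functions above are defined)
if [ "$#" -ge 1 ]; then
    name=$(basename "$1" .schema)
    mkdir -p /tmp/ldapstuff
    out=/tmp/ldapstuff/$name.ldif
    convert_schema "$1" "$out"
    # Local root over ldapi:/// instead of -D cn=admin,cn=config -W: the stock
    # Debian config database has an olcRootDN but no olcRootPW.
    ldapadd -Q -Y EXTERNAL -H ldapi:/// -f "$out"
    # The loaded entry is cn={N}$name, so a substring filter finds it.
    ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config \
        "(cn=*$name*)" dn
fi
```

Running the script with no argument only defines the functions, so the cleanup can be tried on the constructed sample with `sample_slaptest_ldif | clean_schema_ldif` before pointing it at a real slapd; the filter keeps continuation lines only for attributes that survive, which is the part that is easy to get wrong when editing the file by hand.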
Nice post and thanks for the effort!

I am used to the old file-based configuration layout and was desperately looking for a quick tutorial on adding a new schema. All I found was this and it perfectly clarified things for me.

Hello, thanks for clarifying this!

Just want to add something:
After running "ldapadd" I got the following output:

    # ldapadd -Dcn=admin,cn=config -W -f /tmp/ldapstuff/cn\=config/cn\=schema/cn\=\{0\}openssh-lpk_openldap.ldif
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

Then I followed Chris' reply and added olcRootDN and olcRootPW:
http://serverfault.com/questions/377762/user-not-found-for-cn-config-in-openldap
Everything worked fine after that.
OS: Ubuntu 12.04
Thanks for sharing!

Hi.

Hello, thanks for your post! I'm right with ddesani! I have the same problem. Just use this:

    ldapadd -Q -Y EXTERNAL -H ldapi:/// -W -f /tmp/ldapstuff/cn\=config/cn\=schema/cn\=\{0\}openssh-lpk_openldap.ldif

Thank you man, it works very well :)

I am still quite surprised that after 3 years it still does work... :)