How to extend the OpenLDAP schema

First of all, you need to create a schema file. Here is an example of a schema file, “…\OpenLDAP\schema\anExample.schema”:


attributetype ( 2.5.4.10002 NAME 'anExampleAttributeName'
  DESC 'this is anExampleAttributeName attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )


objectclass ( 2.5.6.10002 NAME 'anExampleObjectClass' SUP top STRUCTURAL
  DESC 'this is anExampleObjectClass object class'
  MUST ( anExampleAttributeName $ cn )
  MAY ( searchGuide $ description ) )

This schema contains two definitions. The first is a new case-insensitive UTF-8 string attribute type called anExampleAttributeName. The second is a new structural object class called anExampleObjectClass. It extends the top class, which is defined in another schema file provided with maxcrc OpenLDAP for Windows by default. Because it is declared as structural, this object class can be used to create LDAP objects of its type. Such objects must have the anExampleAttributeName and cn attributes and may have the searchGuide and description attributes. The last three attribute types are described in other schema files.

The next step is to include the “…\OpenLDAP\schema\anExample.schema” file in the slapd.conf file. Append this line to the end of the schema inclusion lines:


include ./schema/anExample.schema

That’s all. Now you can start (or restart) the OpenLDAP server and create objects of the anExampleObjectClass class type.

Creating custom object in Userbooster

This part describes how to use Userbooster to create the extended LDAP object described in the anExample.schema schema file. First of all, connect to the OpenLDAP server that has the extended schema. Then select the parent object in the LDAP tree and invoke the New | Object context menu on it.

Then select the class name and click the Next button.

Then provide values for at least the two must-have attributes, anExampleAttributeName and cn, and click the Finish button.

That’s all. The custom LDAP object is created in the chosen LDAP server with Userbooster in a very convenient way.


Indexing extended schema attribute(s)

If you added index lines for the new attribute to the database definition part of the slapd.conf file, you need to run slapindex to index this attribute and make it available in search filters. Make sure that the OpenLDAP server is not running during this operation.

Extending schema with OLC

You need to create the same schema file “…\OpenLDAP\schema\anExample.schema” and include it in the slapd.conf file first. Then you have to convert the slapd.conf file into an .ldif file:


slapcat -f ./slapd.conf -F /temp/folder_for_ldif_output -n0 -s 'cn={5}ourExtended,cn=schema,cn=config' > ourExtended.ldif

In the next step you add the converted schema to your OpenLDAP server with the following command:


ldapadd -x -W -D 'cn=config' -f ./ourExtended.ldif

The successful result is:


adding new entry "cn={5}ourExtended,cn=schema,cn=config"
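
The definitions in anExample.schema can also be written directly as a cn=config schema entry, which is the form the conversion step produces. The following Python code is an added example, not part of the original article or of OpenLDAP. It assumes the schema entry is named anExample, handles only the attributetype and objectclass directives, and its function names are hypothetical.

```python
# Constructed sample input: the two definitions from anExample.schema above.
SCHEMA_TEXT = """\
attributetype ( 2.5.4.10002 NAME 'anExampleAttributeName'
  DESC 'this is anExampleAttributeName attribute'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

objectclass ( 2.5.6.10002 NAME 'anExampleObjectClass' SUP top STRUCTURAL
  DESC 'this is anExampleObjectClass object class'
  MUST ( anExampleAttributeName $ cn )
  MAY ( searchGuide $ description ) )
"""
# slapd.conf directive -> attribute of the olcSchemaConfig entry
KEYWORDS = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}

def parse_definitions(text):
    """Return [(olc_attribute, one_line_definition)] from schema file text."""
    chunks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if raw[0].isspace():              # leading whitespace = continuation line
            if not chunks:
                raise ValueError(f"continuation without a directive: {raw!r}")
            chunks[-1] += " " + raw.strip()
        else:
            chunks.append(raw.strip())
    defs = []
    for chunk in chunks:
        keyword, _, body = chunk.partition(" ")
        body = " ".join(body.split())     # collapse runs of whitespace
        if keyword.lower() not in KEYWORDS:
            raise ValueError(f"unsupported directive: {keyword}")
        if not (body.startswith("(") and body.endswith(")")):
            raise ValueError(f"unterminated definition: {chunk[:40]!r}")
        defs.append((KEYWORDS[keyword.lower()], body))
    return defs

def to_ldif(schema_name, defs):
    """Build the olcSchemaConfig entry; attribute types first, then object classes."""
    lines = [f"dn: cn={schema_name},cn=schema,cn=config",
             "objectClass: olcSchemaConfig", f"cn: {schema_name}"]
    for wanted in ("olcAttributeTypes", "olcObjectClasses"):
        lines += [f"{attr}: {body}" for attr, body in defs if attr == wanted]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_ldif("anExample", parse_definitions(SCHEMA_TEXT)), end="")
```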