Extending the ldap schema

From Kolab wiki


Here is how I extend my LDAP schema myself:

First create a schema file and include it from slapd.conf.template:

include /kolab/etc/openldap/schema/foobar.schema

Now create the new file foobar.schema:

# First pick a root for the new definitions by choosing an unused OID.
# 1.3.6.1.4.1.4203.666.* is OpenLDAP's arc for experiments only; for anything
# you ship, register your own Private Enterprise Number with IANA instead,
# because OIDs must be globally unique and slapd refuses to start when two
# loaded definitions share one.
# I choose the more evil "20010911" subtree
objectIdentifier FooBarRoot 1.3.6.1.4.1.4203.666.20010911

# Create three more sub-arcs
objectIdentifier FooBarLDAP FooBarRoot:3
objectIdentifier FooBarLDAPattributeType FooBarLDAP:1
objectIdentifier FooBarLDAPobjectClass FooBarLDAP:2

# Create a new attribute, which I call "service", to enable or disable a service:
# for example, to enable grey-listing at server level, add the attribute
# with value "grey-list" to the k=kolab entry,
# OR to deny a user relaying email, add the attribute with value
# "smtp-deny" to the user entry.
# This is a MULTI-VALUE searchable text field of at most 256 chars.
# I extend my previously defined attribute subtree, using sub-OID 513
attributetype ( FooBarLDAPattributeType:513
        NAME 'fooBarService'
        DESC 'The name of an available service for the fooBar*Object'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

# Now the same "grey-list" switch as a more conventional Boolean attribute
# (syntax 1.3.6.1.4.1.1466.115.121.1.7 is Boolean, values TRUE or FALSE),
# SINGLE-VALUE.
# I extend my previously defined attribute subtree, using sub-OID 514
attributetype ( FooBarLDAPattributeType:514
  NAME 'postfix-greylist'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

# For more attributes, look for existing ones in the other files in the
# schema directory and copy the one that matches your need; rename it AND
# give it a fresh OID from your own subtree, never reuse the original OID.

# Now I want to extend the 'k=kolab' and user entries using these fields.
# I extend my previously defined objectClass subtree, using sub-OID 38
objectClass ( FooBarLDAPobjectClass:38
        NAME 'fooBarServerObject'
        AUXILIARY
        MAY ( fooBarService $
              postfix-greylist ))

objectClass ( FooBarLDAPobjectClass:39
        NAME 'fooBarInetOrgPerson'
        AUXILIARY
        MAY ( fooBarService ))

I restart Kolab's OpenLDAP. slapd parses the schema only at startup and refuses to start on a syntax error or a duplicate OID, so check that it actually came back (if your OpenLDAP build ships slaptest, running slaptest -f on the generated slapd.conf validates the configuration before the restart):

# openpkg rc openldap stop start

That's it!
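Before the restart it is worth catching the two mistakes that make slapd refuse to start: an OID used twice (typically a copied definition where only the NAME was changed) and an objectClass that lists an attribute nobody defined. The checker below is an added example written for this page, not code from Kolab or OpenLDAP. It parses the subset of slapd.conf schema syntax used above (objectIdentifier macros, attributetype, objectClass with NAME, MUST and MAY), expands Macro:suffix OIDs to dotted form and reports duplicates and dangling references. SAMPLE_SCHEMA is the foobar.schema from this page; BROKEN_EXTRA, the attribute fooBarQuota, the class fooBarQuotaObject and the misspelt reference fooBarQuta are constructed to show what gets caught. Attribute names defined by the other schema files slapd loads (core.schema and friends) are passed in as known_attributes.

```python
"""Check a slapd.conf-style schema file before restarting slapd.

Added example for this page, not code from Kolab or OpenLDAP.  Handles the
subset of schema syntax used on the page: objectIdentifier macros, and
attributetype / objectClass definitions with NAME, MUST and MAY clauses.
"""
import re
from collections import Counter

# Constructed sample input: the foobar.schema written on this page.
SAMPLE_SCHEMA = """\
# unused OID below the OpenLDAP experimental arc, as on the page
objectIdentifier FooBarRoot 1.3.6.1.4.1.4203.666.20010911
objectIdentifier FooBarLDAP FooBarRoot:3
objectIdentifier FooBarLDAPattributeType FooBarLDAP:1
objectIdentifier FooBarLDAPobjectClass FooBarLDAP:2

attributetype ( FooBarLDAPattributeType:513 NAME 'fooBarService'
    DESC 'The name of an available service for the fooBar*Object'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( FooBarLDAPattributeType:514 NAME 'postfix-greylist'
    EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
objectClass ( FooBarLDAPobjectClass:38 NAME 'fooBarServerObject' AUXILIARY
    MAY ( fooBarService $ postfix-greylist ) )
objectClass ( FooBarLDAPobjectClass:39 NAME 'fooBarInetOrgPerson' AUXILIARY
    MAY ( fooBarService ) )
"""

# Constructed, hypothetical additions showing the two classic mistakes.
BROKEN_EXTRA = """
# copied attribute 513 and only changed the NAME
attributetype ( FooBarLDAPattributeType:513 NAME 'fooBarQuota'
    EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# references a misspelt attribute name
objectClass ( FooBarLDAPobjectClass:40 NAME 'fooBarQuotaObject' AUXILIARY MAY fooBarQuta )
"""


def strip_comments(text):
    """slapd treats lines whose first non-blank character is '#' as comments."""
    return "\n".join(line for line in text.splitlines() if not line.lstrip().startswith("#"))


def resolve_oid(token, macros):
    """Expand 'Macro' or 'Macro:suffix' to a dotted OID; dotted OIDs pass through."""
    if re.fullmatch(r"[0-9.]+", token):
        return token
    name, _, suffix = token.partition(":")
    if name not in macros:
        raise ValueError("unknown objectIdentifier macro %r" % name)
    return macros[name] + ("." + suffix if suffix else "")


def _balanced_body(text, open_idx):
    """Text between the '(' at open_idx and its matching ')', ignoring parens inside quotes."""
    depth, in_quote = 0, False
    for i in range(open_idx, len(text)):
        c = text[i]
        if c == "'":
            in_quote = not in_quote
        elif not in_quote and c == "(":
            depth += 1
        elif not in_quote and c == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced parentheses in definition at offset %d" % open_idx)


def parse_schema(text):
    """Return (definitions, macros); each definition has kind, oid, names and MUST/MAY refs."""
    text = strip_comments(text)
    macros = {}
    # objectIdentifier macros are resolved in file order, as slapd does.
    for m in re.finditer(r"(?im)^[ \t]*objectIdentifier[ \t]+(\S+)[ \t]+(\S+)", text):
        macros[m.group(1)] = resolve_oid(m.group(2), macros)
    defs = []
    for m in re.finditer(r"(?i)\b(attributetype|objectclass)\s*\(", text):
        body = _balanced_body(text, m.end() - 1)
        oid = resolve_oid(body.split()[0], macros)
        # Keywords are matched case-sensitively so words inside DESC strings do not count.
        name_m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", body)
        names = re.findall(r"'([^']*)'", name_m.group(1)) if name_m else []
        refs = []
        for kw in ("MUST", "MAY"):
            r = re.search(r"\b%s\s+(\([^)]*\)|[\w-]+)" % kw, body)
            if r:
                refs += re.findall(r"[\w-]+", r.group(1).strip("()"))
        defs.append({"kind": m.group(1).lower(), "oid": oid, "names": names, "refs": refs})
    return defs, macros


def check_schema(text, known_attributes=()):
    """Problems that stop slapd: duplicate OIDs or NAMEs, MUST/MAY pointing at undefined attributes."""
    defs, _ = parse_schema(text)
    problems = []
    for oid, n in Counter(d["oid"] for d in defs).items():
        if n > 1:
            problems.append("duplicate OID %s" % oid)
    for name, n in Counter(nm.lower() for d in defs for nm in d["names"]).items():
        if n > 1:
            problems.append("duplicate NAME %s" % name)
    attrs = {nm.lower() for d in defs if d["kind"] == "attributetype" for nm in d["names"]}
    attrs |= {nm.lower() for nm in known_attributes}
    for d in defs:
        if d["kind"] == "objectclass":
            for ref in d["refs"]:
                if ref.lower() not in attrs:
                    label = d["names"][0] if d["names"] else d["oid"]
                    problems.append("objectClass %s references undefined attribute %s" % (label, ref))
    return problems


if __name__ == "__main__":
    print(check_schema(SAMPLE_SCHEMA))  # prints []
    for problem in check_schema(SAMPLE_SCHEMA + BROKEN_EXTRA):
        print(problem)
```

Run it against your own file with the attribute names from the standard schemas in known_attributes; the page's schema passes cleanly, while the constructed extra produces one duplicate-OID report and one undefined-attribute report. The parser only understands the clauses shown on this page (no SUP chains, no OBSOLETE or ORDERING checks), so a clean result is a necessary, not a sufficient, condition for slapd to accept the file.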

Now I can set the new attributes using ldapmodify (-x selects a simple bind; a password given with -w is visible to other local users in the process list, so use -W to be prompted, or -y with a password file, anywhere that matters):

export base_dn="dc=mydomain,dc=loc"
export bind_dn="cn=manager,cn=internal,$base_dn"
export bind_pw="secret"

# /kolab/bin/ldapmodify -x -D "$bind_dn" -w "$bind_pw" <<EOF
dn: k=kolab,$base_dn
changetype: modify
add: objectClass
objectClass: fooBarServerObject
-
replace: postfix-greylist
postfix-greylist: TRUE
EOF

or deny a user relaying email using my favourite LDAP editor, ldapvi:

# ldapvi "(mail=alain.spineux@mydomain.loc)"

and add these two attributes:

objectClass: fooBarInetOrgPerson
fooBarService: smtp-deny

Of course, for this to work for real, you have to modify the main.cf.template file by adding statements like ....

@@@if postfix-greylist@@@
....
@@@endif@@@

and update the kolab_smtpdpolicy script to take care of the new "smtp-deny" service.
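The piece such a policy script needs, once the user entry can carry fooBarService: smtp-deny, is shown below as an added example. It is not Kolab's kolab_smtpdpolicy script and is not derived from it. The Postfix SMTPD policy delegation protocol it speaks is real: the server sends one name=value line per request attribute, terminated by an empty line, and expects an action=... line followed by an empty line. The directory lookup is a constructed in-memory stand-in for an LDAP search on (mail=<address>) returning that entry's fooBarService values; in a real script you would replace lookup_services with the LDAP query, and map sasl_username to a mail address if your users authenticate with bare usernames.

```python
"""Minimal Postfix SMTPD access-policy handler honouring an 'smtp-deny' service value.

Added example for this page; not Kolab's kolab_smtpdpolicy and not derived from it.
"""
import sys

# Constructed stand-in for the directory: mail address -> fooBarService values.
DIRECTORY = {
    "alain.spineux@mydomain.loc": ["smtp-deny"],
    "bob@mydomain.loc": ["grey-list"],
}


def lookup_services(mail):
    """Hypothetical replacement for an LDAP search for fooBarService on (mail=<mail>)."""
    return DIRECTORY.get(mail.lower(), [])


def parse_policy_request(raw):
    """Parse one Postfix policy request: 'name=value' lines up to the first empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """Return the Postfix action for a parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Relay decisions are about the authenticated account; fall back to the envelope sender.
    who = attrs.get("sasl_username") or attrs.get("sender", "")
    if not who:
        return "DUNNO"
    if "smtp-deny" in (s.lower() for s in lookup_services(who)):
        return "REJECT relaying is disabled for this account"
    return "DUNNO"  # let the remaining restrictions decide


def handle(raw_request):
    """Full exchange: request text in, reply text (with its terminating empty line) out."""
    return "action=%s\n\n" % decide(parse_policy_request(raw_request))


if __name__ == "__main__":
    # Serve requests on stdin/stdout, the way Postfix spawn(8) runs a policy script.
    pending = []
    for line in sys.stdin:
        line = line.rstrip("\n")
        if line:
            pending.append(line)
            continue
        sys.stdout.write(handle("\n".join(pending) + "\n\n"))
        sys.stdout.flush()
        pending = []
```

Wire it into main.cf with a check_policy_service restriction; because it answers DUNNO for everything except an explicit smtp-deny, it composes with the other smtpd restrictions rather than replacing them.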

Hope this helps.
