Extend inetOrgPerson in OpenLDAP 2.4
There are very few resources on how to extend an OpenLDAP schema. Extending inetOrgPerson lets the authentication server integrate with LDAP without any changes to its claims.
The following command starts the LDAP server. The admin username is cn=admin,dc=example,dc=org and the password is admin.
docker run -d --name ldap -p 10389:389 -p 10636:636 -e LDAP_ORGANISATION=sampleOrg -e LDAP_DOMAIN=example.org -e LDAP_ADMIN_PASSWORD=admin osixia/openldap:1.5.0
Put the following schema content in wso2Person.schema on the host machine; it is the schema that extends inetOrgPerson. Then copy it into the container's /etc/ldap/schema with docker cp {path_to_local_schema_file}/wso2Person.schema ldap:/etc/ldap/schema
Create the folder /tmp/openldapldif in the ldap container.
On the host machine, create sldap.conf with the content below (an include line for each schema file in /etc/ldap/schema). Then copy it into the container with docker cp {path_to_local_schema_file}/sldap.conf ldap:/tmp/openldapldif
In the container, navigate to /tmp/openldapldif and run slaptest -f sldap.conf -F . The result should be config file testing succeeded.
If you get an error such as 6501adf5 /etc/ldap/schema/wso2person.schema: line 32 attributetype: Inconsistent duplicate attributeType: "role", find the schema file that already defines "role" and remove its include line from sldap.conf. In my case, I could test my schema with just the following.
After slaptest has run, /tmp/openldapldif should contain the cn=config directory plus the files cn=config.ldif and sldap.conf.
Navigate to /tmp/openldapldif/cn=config/cn=schema.
Edit the cn={3}wso2person.ldif file so that its content is as below. The number inside {} is the schema's position in the include order of sldap.conf, so it changes with the number of schema files listed before it.
Run ldapadd -Y EXTERNAL -H ldapi:// -f cn\=\{3\}wso2person.ldif and you should get a response like the following.
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=wso2person,cn=schema,cn=config"
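The edit made to cn={3}wso2person.ldif before ldapadd is mechanical: the file slaptest writes is a cn=config back-end dump, so the {N} index has to come off the dn and cn, the dn needs the cn=schema,cn=config suffix (matching the entry name in the ldapadd output above), and the operational attributes slaptest appended have to go, since they are NO-USER-MODIFICATION and the add would be rejected. The script below is an added example, mine rather than the author's, that does this with awk and then wraps the in-container steps. File names, paths and commands are the post's own; the RUN_IN_CONTAINER switch, the run_in_container function and the sample slaptest output with its placeholder OIDs are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: convert the LDIF that
# slaptest writes under cn=config/cn=schema into one ldapadd accepts.
set -eu

# Read a slaptest-generated schema LDIF on stdin, write an ldapadd-ready
# LDIF on stdout. Pure text processing, so it runs on the host without slapd.
schema_ldif_to_addable() {
    awk '
        /^#/ { next }                        # AUTO-GENERATED / CRC32 header lines
        /^dn: cn=[{][0-9]+[}]/ {             # dn: cn={3}wso2person
            sub(/[{][0-9]+[}]/, "")          #   -> dn: cn=wso2person
            $0 = $0 ",cn=schema,cn=config"   #   -> dn: cn=wso2person,cn=schema,cn=config
            print; next
        }
        /^cn: [{][0-9]+[}]/ {                # cn: {3}wso2person -> cn: wso2person
            sub(/[{][0-9]+[}]/, ""); print; next
        }
        # Operational attributes the server generates itself (NO-USER-MODIFICATION);
        # leaving them in makes the add fail.
        /^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp): / { next }
        { print }                            # everything else, continuation lines included
    '
}

# Constructed stand-in for what slaptest writes as cn={3}wso2person.ldif.
# The attribute names and OIDs are placeholders (use your own OID arc), not the
# author's wso2Person schema; the syntax OID is the standard Directory String.
sample_generated_ldif() {
    cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: cn={3}wso2person
objectClass: olcSchemaConfig
cn: {3}wso2person
olcAttributeTypes: {0}( 1.3.6.1.4.1.0.0.1 NAME 'exampleAttr' DESC 'placeholder'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.0.0.2 NAME 'wso2Person' DESC 'placeholder'
  SUP inetOrgPerson STRUCTURAL MAY ( exampleAttr ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20240101000000Z
entryCSN: 20240101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20240101000000Z
EOF
}

# The in-container steps from the post, chained: test the config, convert the
# generated LDIF, add it, and confirm the entry now exists under cn=schema,cn=config.
# Assumed usage inside the container: RUN_IN_CONTAINER=1 sh extend.sh wso2person 3
run_in_container() {
    name="$1"; index="$2"
    cd /tmp/openldapldif
    slaptest -f sldap.conf -F .
    schema_ldif_to_addable < "cn=config/cn=schema/cn={${index}}${name}.ldif" > "/tmp/${name}.ldif"
    ldapadd -Y EXTERNAL -H ldapi:// -f "/tmp/${name}.ldif"
    # "1.1" asks for no attributes, so only the dn lines come back.
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:// -b cn=schema,cn=config 1.1 | grep "cn=${name},"
}

# Nothing touches slapd unless explicitly asked, so the functions can be
# exercised on the host against the sample above.
if [ "${RUN_IN_CONTAINER:-0}" = "1" ]; then
    run_in_container "${1:-wso2person}" "${2:-3}"
fi
```

On the host, sample_generated_ldif | schema_ldif_to_addable prints the seven-line entry ldapadd needs; in the container, set RUN_IN_CONTAINER=1 and pass the schema name and its {N} index. Keep the include order in sldap.conf in mind when choosing that index: inetorgperson.schema itself depends on core.schema and cosine.schema, so those come first and the index of your own schema is its zero-based position after them.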
You can confirm the result with ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:// -b cn=schema,cn=config, which lists the schema entries, now including wso2person. Alternatively, in Apache Directory Studio the new object class should be available when adding a new entry.
Hope this tutorial helps you extend any schema you want without hassle.
Note:
If you are using WSO2 Identity Server, use the following LDIFs for scimPerson and identityPerson. Place the two files in the /tmp/openldapldif/cn=config/cn=schema folder and add them to the LDAP with the following commands:
ldapadd -Y EXTERNAL -H ldapi:// -f scimperson.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f identityperson.ldif