Extend inetOrgPerson in OpenLDAP 2.4

Ramindu De Silva
Sep 13, 2023 · 2 min read

There are very few resources on extending an OpenLDAP schema. This post walks through adding a custom objectClass that extends inetOrgPerson, so that an authentication server can be integrated with the LDAP directory without changing its claims.

The following schema will be used to extend inetOrgPerson.

Save the schema as /etc/ldap/schema/wso2person.schema.

If you are running OpenLDAP from a Docker image, open a root shell in the container with docker exec -u root -it <container-id> /bin/bash, install an editor (apt-get update && apt-get install vim) and create the wso2person.schema file there.

Create a folder /tmp/openldapldif and add a slapd.conf with the content below: an include line for each schema file in /etc/ldap/schema, the new wso2person.schema among them.

Then run cd /tmp/openldapldif && slaptest -f slapd.conf -F . and the result should be config file testing succeeded.

If slaptest fails with an error such as 6501adf5 /etc/ldap/schema/wso2person.schema: line 32 attributetype: Inconsistent duplicate attributeType: "role", another schema listed in slapd.conf already defines an attributeType named role. Find the schema file that defines it and remove its include line from slapd.conf. Be aware that this only affects the slaptest conversion: if that schema is also loaded in the live cn=config, the later ldapadd will be refused with the same duplicate error, so renaming the attribute in wso2person.schema is the more robust fix. In my case, I could test my schema with just the following.

/tmp/openldapldif should now contain three entries: a cn=config directory, cn=config.ldif and slapd.conf.

Navigate to /tmp/openldapldif/cn=config/cn=schema.

Edit cn={3}wso2person.ldif so that its content matches the one below. The number in braces is the schema's position among the files included in slapd.conf, so it may differ on your system. The edit amounts to replacing dn: cn={3}wso2person with dn: cn=wso2person,cn=schema,cn=config, replacing cn: {3}wso2person with cn: wso2person, and deleting the auto-generated comment lines and the operational attributes at the end of the file (structuralObjectClass, entryUUID, creatorsName, createTimestamp, entryCSN, modifiersName, modifyTimestamp), which ldapadd would otherwise reject. Dropping the {3} index lets slapd assign the next free index itself.

Run ldapadd -Y EXTERNAL -H ldapi:// -f cn\=\{3\}wso2person.ldif and you should get a response like the following.

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=wso2person,cn=schema,cn=config"

You can confirm by running ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:// -b cn=schema,cn=config; the output lists the loaded schema entries, and one of them should be cn={N}wso2person,cn=schema,cn=config (append '(objectClass=olcSchemaConfig)' dn to the command to print only the entry names rather than every definition).

Alternatively, check in Apache Directory Studio: the new objectClass should now be offered when adding a new entry.
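The whole procedure above, as an added example that is not the gists from the original post: the schema text, the slapd.conf used for slaptest, the cleaning of the generated cn={N}wso2person.ldif, and the ldapadd plus ldapsearch check. Everything in it is an assumption of mine rather than the post's content: the OID arc 1.3.6.1.4.1.99999 is a placeholder that must be replaced with an arc you own (an IANA Private Enterprise Number), the attribute names wso2Role and wso2AccountLocked are invented and deliberately prefixed so they cannot collide with an attribute another schema defines, and the function names and the --load switch are my own. The sample slaptest output embedded in the script is constructed so the cleaning step can be exercised without a running slapd.

```shell
#!/bin/sh
# Added example, not the post's own schema. Assumptions are labelled inline:
#  - 1.3.6.1.4.1.99999 is a PLACEHOLDER OID arc; use your own PEN arc.
#  - attribute names carry a "wso2" prefix so they do not clash with a
#    "role" (or any other) attribute already defined by a loaded schema.
#  - the end-to-end part needs slaptest, a writable schema dir and root
#    access to ldapi://, so it only runs when invoked with --load.
set -eu

SCHEMA_NAME=wso2person
SCHEMA_DIR=${SCHEMA_DIR:-/etc/ldap/schema}
WORK_DIR=${WORK_DIR:-/tmp/openldapldif}

# The schema. An AUXILIARY class can be attached to existing inetOrgPerson
# entries without changing their structural class, which is what extending
# inetOrgPerson "without changing the claims" requires.
schema_text() {
  cat <<'EOF'
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'wso2Role'
  DESC 'Application role of the user (placeholder OID arc)'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.99999.1.2 NAME 'wso2AccountLocked'
  DESC 'Whether the account is locked (placeholder OID arc)'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'wso2Person'
  DESC 'Auxiliary class carrying extra claims for inetOrgPerson entries'
  SUP top AUXILIARY
  MAY ( wso2Role $ wso2AccountLocked ) )
EOF
}

# slapd.conf for slaptest: the standard schemas our class builds on, then ours.
# Any schema that already defines one of our attribute names must be left out,
# or slaptest stops with "Inconsistent duplicate attributeType".
slaptest_conf() {
  cat <<EOF
include $SCHEMA_DIR/core.schema
include $SCHEMA_DIR/cosine.schema
include $SCHEMA_DIR/inetorgperson.schema
include $SCHEMA_DIR/$SCHEMA_NAME.schema
EOF
}

# Turn slaptest's cn={N}name.ldif (on stdin) into an entry ldapadd accepts:
# complete the dn, drop the {N} index so slapd assigns its own, and strip the
# comment lines and server-generated operational attributes.
clean_config_ldif() {
  name=$1
  sed -E \
    -e '/^#/d' \
    -e "s/^dn: cn=[{][0-9]+[}]$name\$/dn: cn=$name,cn=schema,cn=config/" \
    -e "s/^cn: [{][0-9]+[}]$name\$/cn: $name/" \
    -e '/^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp): /d'
}

# Constructed stand-in for what slaptest writes (CRC and UUID values made up),
# so the cleaning step can be tried without a running slapd.
constructed_slaptest_output() {
  cat <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: cn={3}wso2person
objectClass: olcSchemaConfig
cn: {3}wso2person
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'wso2Role' DESC 'Application role of the user (placeholder OID arc)' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 1.3.6.1.4.1.99999.2.1 NAME 'wso2Person' DESC 'Auxiliary class carrying extra claims for inetOrgPerson entries' SUP top AUXILIARY MAY ( wso2Role $ wso2AccountLocked ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20230913000000Z
entryCSN: 20230913000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20230913000000Z
EOF
}

# End-to-end: write schema, convert with slaptest, clean, load, verify.
load_schema() {
  mkdir -p "$WORK_DIR"
  schema_text > "$SCHEMA_DIR/$SCHEMA_NAME.schema"
  slaptest_conf > "$WORK_DIR/slapd.conf"
  (cd "$WORK_DIR" && slaptest -f slapd.conf -F .)
  gen=$(ls "$WORK_DIR"/cn=config/cn=schema/cn=*"$SCHEMA_NAME".ldif)
  clean_config_ldif "$SCHEMA_NAME" < "$gen" > "$WORK_DIR/$SCHEMA_NAME.ldif"
  ldapadd -Y EXTERNAL -H ldapi:// -f "$WORK_DIR/$SCHEMA_NAME.ldif"
  # The new schema entry must now show up under cn=schema,cn=config.
  ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:// -b cn=schema,cn=config \
    '(objectClass=olcSchemaConfig)' dn | grep "$SCHEMA_NAME"
}

if [ "${1:-}" = "--load" ]; then
  load_schema
fi
```

Running the script with no arguments only defines the functions; `sh script.sh --load` performs the real conversion and load on a host where slaptest and ldapi:// are available. If you keep the standard attribute name (role) instead of a prefixed one, expect the duplicate attributeType error described above both from slaptest and, if the conflicting schema is live, from ldapadd.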

Hope this tutorial helps you extend any schema you need without hassle.

Note:

If you are using WSO2 Identity Server, use the following LDIFs for scimPerson and identityPerson.

Add the two files to the /tmp/openldapldif/cn=config/cn=schema folder

and load them into the LDAP server with the following commands:

ldapadd -Y EXTERNAL -H ldapi:// -f identityperson.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f scimperson.ldif
