I am trying to extend FreeIPA person schema to add the country
field in the default user.
As far as I know, FreeIPA does implement the RFC 4519, which does provide a [country field][1].
When I dump the schema of FreeIPA (via `ldapsearch -x -b cn=schema objectclasses attributetypes > schema.ldif`) I see that the country definition is present by default, but it is not part of the person or any extension of the person.
So I have created the following ldif (note that the OID is basically random, I did not yet register anything since I am testing stuff around):
```
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.25.2866739172111323825341701611583088740684.14.2.1 NAME 'customPerson' SUP person STRUCTURAL MAY (country) X-ORIGIN 'Extending FreeIPA' )
```
But when I run this via `ldapmodify` I get the following error:
```
$ ldapmodify -D "cn=Directory Manager" -W -f customPerson.ldif
Enter LDAP Password:
modifying entry "cn=schema"
ldap_modify: Invalid syntax (21)
additional info: object class customPerson: Unknown allowed attribute type "country"
```
What did I do wrong, and how to fix it so that I can use the country
field in all my users?
[1]: https://www.rfc-editor.org/rfc/rfc4519#ref-X.521
Best Answer
I actually found an answer after continuing to tinker on this.
Turns out the `country` is not an attribute, but an objectclass, so after adding `country` and `friendlyCountry` into the default IPA user objectclasses (via IPA Server > Configuration > User Options), I then created the following update file:

You need to define the `c` attribute as it is needed for both `country` and `friendlyCountry`.

I can now see this with the `ipa user-show --all test` command.
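The "Unknown allowed attribute type" error above comes from listing an objectClass where the MAY clause expects an attributeType. As an added example (not code from the question or the answer), the following Python parses a schema dump of the kind the `ldapsearch -b cn=schema` command produces and, for a proposed objectclass definition, reports every MUST/MAY name that is really an objectClass (together with the attribute that class requires) or is not defined at all. The schema excerpt is constructed and abridged, and the regexes cover only the NAME/MUST/MAY forms shown, not the full RFC 4512 grammar.

```python
import re
# Constructed, abridged excerpt of a 389-ds schema dump in the form produced by
# "ldapsearch -x -b cn=schema objectclasses attributetypes" (RFC 4519 / RFC 1274 entries).
SCHEMA_DUMP = """\
dn: cn=schema
attributeTypes: ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE X-ORIGIN 'RFC 4519' )
attributeTypes: ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' ) SUP name X-ORIGIN 'RFC 1274' )
objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) X-ORIGIN 'RFC 4519' )
objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST co X-ORIGIN 'RFC 1274' )
"""
# The definition from the question, and the same definition using the attribute types (c, co) that exist.
BROKEN_DEF = "( 2.25.2866739172111323825341701611583088740684.14.2.1 NAME 'customPerson' SUP person STRUCTURAL MAY (country) X-ORIGIN 'Extending FreeIPA' )"
FIXED_DEF = BROKEN_DEF.replace("MAY (country)", "MAY ( c $ co )")
NAME_RE = re.compile(r"NAME\s+(?:'[^']+'|\((?:\s*'[^']+')+\s*\))")  # NAME 'x'  or  NAME ( 'x' 'y' )
LIST_RE = re.compile(r"\b(MUST|MAY)\s+(?:\(\s*([^)]*)\)|(\S+))")  # MUST c  or  MAY ( a $ b )
def _names(definition):
    # Every NAME of one schema element, lower-cased (LDAP short names are case-insensitive)
    m = NAME_RE.search(definition)
    return [n.lower() for n in re.findall(r"'([^']+)'", m.group(0))] if m else []

def _attr_list(definition, kind):
    for key, grouped, single in LIST_RE.findall(definition):
        if key == kind:  # names in the MUST or MAY clause, as written
            return [a.strip() for a in (grouped or single).split("$") if a.strip()]
    return []

def load_schema(dump):
    # Returns (set of attributeType names, {objectClass name: its MUST attributes})
    attrs, classes = set(), {}
    for line in dump.splitlines():
        key, _, definition = line.partition(":")
        if key.lower() == "attributetypes":
            attrs.update(_names(definition))
        elif key.lower() == "objectclasses":
            must = [a.lower() for a in _attr_list(definition, "MUST")]
            for name in _names(definition):
                classes[name] = must
    return attrs, classes

def check_objectclass(definition, attrs, classes):
    # One message per MUST/MAY name the server would reject as "Unknown allowed attribute type"
    problems = []
    for kind in ("MUST", "MAY"):
        for name in _attr_list(definition, kind):
            lname = name.lower()
            if lname in classes:
                problems.append(f"{kind} {name}: objectClass, not attributeType; its MUST attribute(s): {classes[lname]}")
            elif lname not in attrs:
                problems.append(f"{kind} {name}: not defined in the schema")
    return problems
```

Running `check_objectclass(BROKEN_DEF, *load_schema(SCHEMA_DUMP))` flags `country` as an objectClass whose required attribute is `c`, which is exactly the attribute the answer says has to be defined; the same check on a real `schema.ldif` dump works because the parser keys on the `attributeTypes:`/`objectClasses:` lines only.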