Re: [389-users] Adding custom attribute to class


 



Leonid Bogdanov wrote:
Ok, how can I add a new operational attribute to schema? I've tried several ways, but they didn't work.
What ways have you tried?
When I created a new class based on 'inetorgperson' (e.g., 'inetorgpersonex') I couldn't create an object of this class or change the class of an existing object (user account) by means of the Fedora admin console.
The usual way to do this is to create a new attribute, then create a new AUXILIARY objectclass with your new attribute as an allowed (MAY), not required (MUST), attribute. Then you should be able to add your objectclass to any existing entry, then add your attribute.
I've tried to configure password policy too. But with the option 'user must change password after reset' enabled, when the administrator changes the user's password, the user successfully logs in with the new password and there are no exceptions or warnings that he must change it. My program is using the Novell JLDAP library, just in case.
The directory server adds two response controls to the bind request - the first one is the LDAP password expired control OID "2.16.840.1.113730.3.4.4" - the second one is the newer password policy response control OID "1.3.6.1.4.1.42.2.27.8.5.1" with the valid "password change after reset". The second is only returned if the client uses the password policy request control OID "1.3.6.1.4.1.42.2.27.8.5.1" with the bind request. The use of one or both of these controls should give your client information about the password. I would assume the JLDAP API allows you to send and receive LDAPv3 controls, and may even have support for these particular controls.
Thank you in advance!

-----Original Message-----
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Leonid Bogdanov <leonid_bogdanov@xxxxxxx>,
"General discussion list for the 389 Directory server project." <fedora-directory-users@xxxxxxxxxx>
Date: Thu, 16 Jul 2009 09:15:13 -0600
Subject: Re: [389-users] Adding custom attribute to class

Leonid Bogdanov wrote:
Hello!

How can I add a custom attribute to the 'inetorgperson' class? Preferably without inheritance.
You should never add custom attributes to standard objectclasses such as inetOrgPerson. You should always extend the schema through inheritance (or create a new operational attribute if you must).
The problem is that I want to have a boolean attribute which I can check in my program and tell the user that he must change his password after an admin reset. Something like the 'pwdReset' attribute in OpenLDAP.
If you configure the password policy so that the user must change the password after a reset
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/User_Account_Management.html#User_Account_Management-Managing_the_Password_Policy

Will that do what you want? You can also check the operational attribute passwordExpirationTime
Thank you!

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
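
An added example, not part of the original thread and not 389 Directory Server or JLDAP code: how a client can decide "user must change password" from the controls returned with the bind, using the two OIDs quoted in the reply above. It assumes the field layout and error codes of draft-behera-ldap-password-policy, treats the presence of the password expired control on a successful bind as the reset indicator described in the reply, and uses hypothetical function names and constructed control values.

```python
# Added example: decide "must change password" from bind response controls.
PWD_EXPIRED_OID = "2.16.840.1.113730.3.4.4"    # OID quoted in the reply above
PWD_POLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"   # OID quoted in the reply above
# Error codes per draft-behera-ldap-password-policy (first three only).
PPOLICY_ERRORS = {0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset"}

def _tlv(buf, pos):
    """Read one definite-length BER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER length runs past end of value")
    return tag, buf[pos:pos + length], pos + length

def ppolicy_error(value):
    """Name of the error field in a PasswordPolicyResponseValue, or None."""
    if not value:
        return None
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, inner, pos = _tlv(body, pos)  # skips the [0] warning element whole
        if tag == 0x81:                    # [1] error, primitive ENUMERATED
            code = int.from_bytes(inner, "big")
            return PPOLICY_ERRORS.get(code, "error(%d)" % code)
    return None

def must_change_password(controls):
    """controls: (oid, value_bytes) pairs from a *successful* bind response."""
    for oid, value in controls:
        if oid == PWD_EXPIRED_OID:
            return True
        if oid == PWD_POLICY_OID and ppolicy_error(value) == "changeAfterReset":
            return True
    return False

# Constructed sample control values (not captured from a real server).
RESET_ONLY = bytes.fromhex("3003810102")              # error = changeAfterReset
GRACE_ONLY = bytes.fromhex("3005a003810103")          # warning only, 3 grace logins
WARN_AND_RESET = bytes.fromhex("3009a00480020258810102")
```

The (oid, value) pairs are whatever the LDAP client library hands back as response controls after the bind; the password policy control only appears if the client sent the matching request control with the bind, as the reply above notes.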