Tags: ldap, openldap

Can't filter or retrieve by custom attribute in LDAP using ldapsearch


I'm trying to add a custom attribute (called rank) to the inetOrgPerson person objectclass. Even though it appears that the attribute is getting added successfully, I can't filter by it or retrieve it using ldapsearch though I do see the attribute with slapcat.

I'm using osixia/openldap:1.5.0 and mounting my ldif with the following run command:

docker run \
        --env LDAP_DOMAIN="example.com" \
        -p 389:389 -p 636:636 \
        --volume ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
        --name my-openldap-container   osixia/openldap:1.5.0 --copy-service --loglevel debug

My ldif:

dn: cn=schema,cn=config
changetype: modify
add: olcAttributetypes
olcAttributetypes: ( 1.1.3.5.1
   NAME 'rank'
   DESC 'The rank of the user'
   EQUALITY integerMatch
   SINGLE-VALUE
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
add: olcObjectclasses
olcObjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.16
   NAME 'rankedUser'
   DESC 'User with rank'
   SUP inetOrgPerson
   STRUCTURAL
   MUST ( rank ) )

dn: cn=developer,dc=example,dc=com
changetype: add
objectclass: rankedUser
cn: developer
givenname: developer
sn: Developer
displayname: Developer User
mail: [email protected]
userpassword: developer_pass
rank: 3

I confirmed that leaving rank out of the user definition throws an error so it appears that the attribute is getting added.

However, ldapsearch can't find it with a filter:

docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -w admin "(rank=3)"

returns

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (rank=3)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

Using (rank=*) returns similar.

And I don't see rank in the response when I get all the objects on the server:

docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -w admin "(rank=3)"

returns

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (rank=3)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

But I do see rank when I use slapcat:

docker exec my-openldap-container slapcat
61e08e36 UNKNOWN attributeDescription "RANK" inserted.
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
structuralObjectClass: organization
entryUUID: 44ed7b62-08fb-103c-9cac-c5862f1bdce7
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20220113202936Z
entryCSN: 20220113202936.386692Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20220113202936Z

dn: cn=developer,dc=example,dc=com
objectClass: rankedUser
cn: developer
givenName: developer
sn: Developer
displayName: Developer User
mail: [email protected]
userPassword:: ZGV2ZWxvcGVyX3Bhc3M=
RANK: 3
structuralObjectClass: rankedUser
entryUUID: 4552226a-08fb-103c-8116-518769f951e0
creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
createTimestamp: 20220113202937Z
entryCSN: 20220113202937.046343Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20220113202937Z

But for some reason RANK is in all caps.

Also, something that might be related is that I see this in the logs on startup:

61e08bb1 @(#) $OpenLDAP: slapd 2.4.57+dfsg-1~bpo10+1 (Jan 30 2021 06:59:51) $
    Debian OpenLDAP Maintainers <[email protected]>
61e08bb1 UNKNOWN attributeDescription "RANK" inserted.
61e08bb1 slapd starting

Would appreciate any help on why I can't query on or see rank.

Thank you!


Solution

  • I needed to mount a schema file to /container/service/slapd/assets/config/bootstrap/schema/custom with the custom attributes. I made a file schema/custom.schema with the following contents:

    attributetype ( 2.25.1 NAME 'rank' DESC 'User Rank' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
    objectclass ( 2.25 NAME 'rankPerson' DESC 'A user with a rank' SUP inetOrgPerson STRUCTURAL MUST ( rank ) )
    

    And then I mounted it into my docker container

    docker run \
            --env LDAP_DOMAIN="example.com" \
            -p 389:389 -p 636:636 \
            --volume ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
            --volume schema:/container/service/slapd/assets/config/bootstrap/schema/custom \
            --name my-openldap-container   osixia/openldap:1.5.0 --copy-service --loglevel debug
    

    And now I can filter by rank

    ~/% docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -w admin "(rank=3)"
    # extended LDIF
    #
    # LDAPv3
    # base <dc=example,dc=com> with scope subtree
    # filter: (rank=3)
    # requesting: ALL
    #
    
    # developer, example.com
    dn: cn=developer,dc=example,dc=com
    objectClass: rankPerson
    cn: developer
    givenName: developer
    sn: Developer
    displayName: Developer User
    mail: [email protected]
    userPassword:: ZGV2ZWxvcGVyX3Bhc3M=
    rank: 3
    
    # search result
    search: 2
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1
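The two symptoms in the question point at the same thing: slapd logged `UNKNOWN attributeDescription "RANK" inserted` at startup and slapcat printed the attribute in upper case, which is how slapd presents a value stored under an attribute type that was not in its loaded schema. An attribute in that state has no matching rule, so `(rank=3)` and `(rank=*)` never match, and an application that relies on such an attribute for an authorization filter silently gets an empty result. The script below is an added example (not code from the question, the answer, or the osixia image) that makes this check offline: it parses a `.schema` fragment in the format the answer uses, parses slapcat-style LDIF, and reports attributes the loaded schema does not define, objectClass MUST attributes an entry lacks, and any `UNKNOWN attributeDescription` log lines. The built-in attribute list, the sample schema, and the slapcat output embedded in it are constructed for the example and modelled on the question's data.

```python
"""Check whether slapd actually knows a custom attribute before you filter on it.
Added example; not code from the question, the answer, or the osixia image."""
import base64
import re

# Attribute names assumed to come from the core / inetorgperson schemas.
# Constructed subset for this example, not the full standard schema.
BUILTIN_ATTRS = {
    "objectclass", "cn", "sn", "givenname", "displayname", "mail", "userpassword",
    "o", "dc", "structuralobjectclass", "entryuuid", "creatorsname",
    "createtimestamp", "entrycsn", "modifiersname", "modifytimestamp",
}

_NAME_RE = re.compile(r"\bNAME\s+'([^']+)'")
_MUST_RE = re.compile(r"\bMUST\s+(?:\(\s*([^)]*?)\s*\)|(\S+))")
_UNKNOWN_RE = re.compile(r'UNKNOWN attributeDescription "([^"]+)" inserted')


def parse_schema(text):
    """Parse OpenLDAP .schema syntax (attributetype / objectclass definitions).
    Returns (set of attribute names, {objectclass: [MUST attribute names]}),
    lower-cased because LDAP attribute and class names are case-insensitive."""
    attrs, classes = set(), {}
    for block in re.split(r"(?m)^(?=attributetype\b|objectclass\b)", text):
        block = " ".join(block.split())          # join continuation lines
        name = _NAME_RE.search(block)
        if not name:
            continue
        if block.startswith("attributetype"):
            attrs.add(name.group(1).lower())
        elif block.startswith("objectclass"):
            m = _MUST_RE.search(block)
            must_src = (m.group(1) or m.group(2)) if m else ""
            classes[name.group(1).lower()] = [
                a.strip().lower() for a in must_src.split("$") if a.strip()]
    return attrs, classes


def parse_ldif(text):
    """Parse LDIF (e.g. slapcat output) into a list of {attr_lower: [values]}.
    Handles '::' base64 values, leading-space continuation lines, '#' comments,
    and skips non-LDIF lines such as slapd log messages mixed into the output."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded:
        if line.startswith("#") or not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep or " " in key:
            continue                              # not an attribute line
        key = key.lower()
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if key == "dn":
            current = {"dn": [value]}
            entries.append(current)
        elif current is not None:
            current.setdefault(key, []).append(value)
    return entries


def check_entries(entries, custom_attrs=frozenset(), classes=None):
    """Report attributes the loaded schema does not define (filters on them
    can never match) and objectClass MUST attributes an entry is missing."""
    known = BUILTIN_ATTRS | set(custom_attrs)
    findings = []
    for entry in entries:
        dn = entry["dn"][0]
        for attr in entry:
            if attr != "dn" and attr not in known:
                findings.append(f"{dn}: attribute '{attr}' is not defined in the loaded schema")
        for oc in entry.get("objectclass", []):
            for must in (classes or {}).get(oc.lower(), []):
                if must not in entry:
                    findings.append(f"{dn}: objectClass {oc} requires '{must}'")
    return findings


def scan_slapd_log(log_text):
    """Return attribute names slapd reported as UNKNOWN attributeDescription."""
    return [m.group(1).lower() for m in _UNKNOWN_RE.finditer(log_text)]


# Constructed inputs modelled on the answer's custom.schema and the question's
# slapcat output (the log line slapcat printed is included on purpose).
CUSTOM_SCHEMA = """\
attributetype ( 2.25.1 NAME 'rank' DESC 'User Rank' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
objectclass ( 2.25 NAME 'rankPerson' DESC 'A user with a rank' SUP inetOrgPerson STRUCTURAL MUST ( rank ) )
"""
SLAPCAT_OUTPUT = """\
61e08e36 UNKNOWN attributeDescription "RANK" inserted.
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

dn: cn=developer,dc=example,dc=com
objectClass: rankPerson
cn: developer
sn: Developer
userPassword:: ZGV2ZWxvcGVyX3Bhc3M=
RANK: 3
"""

if __name__ == "__main__":
    for name in scan_slapd_log(SLAPCAT_OUTPUT):
        print(f"slapd flagged undefined attribute: {name}")
    print("without custom schema:", check_entries(parse_ldif(SLAPCAT_OUTPUT)))
    attrs, classes = parse_schema(CUSTOM_SCHEMA)
    print("with custom schema:", check_entries(parse_ldif(SLAPCAT_OUTPUT), attrs, classes))
```

Run it against real output by feeding `docker exec my-openldap-container slapcat` to `parse_ldif` and the container's startup log to `scan_slapd_log`; a non-empty result from either means the attribute is not yet part of the server's schema and a search filter on it will return nothing, regardless of what slapcat shows.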