Adding "Info" Attribute to LDAP Schema for Linux OpenLDAP
The Unity card obtains group authorization information for an LDAP user from the remote LDAP server via
the “Info” attribute of the user’s remote LDAP account. The “Info” attribute specifies group
authorization using “unity_group=<x>;” where <x> is “unityadmin” or “unityuser”. However, the user
account of an out-of-the-box Linux OpenLDAP installation does not provide the “Info” attribute, so remote
LDAP support will not work until the “Info” attribute is added to the LDAP user accounts.
The LDAP schema for a Linux OpenLDAP installation is located at “/etc/ldap/schema.” The
schema for a user account is in the “nis.ldif” file, in the objectClass named
“posixAccount.”
Add the “Info” attribute to the MUST list of “posixAccount” so that it is always required when
specifying a user. The “Info” attribute already exists in the LDAP schema, but it is not assigned to
any object class in the default schema.
To add the "Info" attribute on a brand new OpenLDAP installation:
Before starting OpenLDAP, refer to the following to edit the “nis.ldif” file:
Original “posixAccount” object schema:
• olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
Updated “posixAccount” object schema with the “Info” attribute added:
• olcObjectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory $ Info ) MAY ( userPassword $ loginShell $ gecos $ description ) )
To add the "Info" attribute on an existing OpenLDAP installation:
Use “ldapmodify” or another LDAP administration tool to add the “Info” attribute to the user accounts.
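As an added example that is not part of this guide, the following POSIX shell script builds the ldapmodify change record that sets “unity_group=<x>;” on one user, accepts only the two values the card understands, and audits existing entries (ldapsearch LDIF on stdin) to list who holds which group. The server URI, admin DN, user DNs and sample entries are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Vertiv guide): manage the "info" attribute the
# Unity card reads for group authorization.  Assumed values: users under
# ou=People,dc=example,dc=com, admin bind DN cn=admin,dc=example,dc=com.

LDAP_URI="${LDAP_URI:-ldap://localhost}"
ADMIN_DN="${ADMIN_DN:-cn=admin,dc=example,dc=com}"

# Print an LDIF change record that sets info to "unity_group=<group>;" on one
# user.  "replace" works whether or not the entry already has an info value.
# Only the two group names the card understands are accepted.
unity_info_ldif() {
  dn="$1"; group="$2"
  case "$group" in
    unityadmin|unityuser) ;;
    *) echo "invalid unity group: $group (expected unityadmin or unityuser)" >&2; return 1 ;;
  esac
  printf 'dn: %s\nchangetype: modify\nreplace: info\ninfo: unity_group=%s;\n' "$dn" "$group"
}

# Extract the unity_group value from an info attribute value; print nothing if
# absent.  Case-insensitive and tolerant of other "key=value;" items in the
# same attribute (an assumption about how the card parses the attribute).
unity_group_of() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | tr ';' '\n' \
    | sed -n 's/^[[:space:]]*unity_group=\([a-z]*\).*/\1/p' | head -n 1
}

# Audit helper: read "uid: ..." / "info: ..." lines from unwrapped LDIF on
# stdin (e.g. ldapsearch output, one entry per blank-line-separated block) and
# print "<uid> <group>" for each user that carries a unity_group value, so an
# administrator can review who has been granted unityadmin.
audit_unity_groups() {
  uid=""
  while IFS= read -r line; do
    case "$line" in
      "uid: "*)  uid="${line#uid: }" ;;
      "info: "*) g=$(unity_group_of "${line#info: }")
                 [ -n "$g" ] && printf '%s %s\n' "$uid" "$g" ;;
      "")        uid="" ;;
    esac
  done
}

# Command-line use:  sh unity_info.sh <user DN> <unityadmin|unityuser>
# Pipes the change record into ldapmodify, which prompts for the admin password.
if [ $# -eq 2 ]; then
  unity_info_ldif "$1" "$2" | ldapmodify -x -H "$LDAP_URI" -D "$ADMIN_DN" -W
fi
```

The server accepts the attribute only when the entry's object classes permit it, which is what the posixAccount change above provides. Because this single value decides whether a user is a card administrator, write access to it should be limited to LDAP administrators in the server's access controls.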
Vertiv™ | Liebert® IntelliSlot Unity Card Installer/User Guide