Step 2) Create new attributes
Subject: Step 2) Create new attributes
Author: eLDAP
In response to: How to extend or modify Active Directory (AD) schema -- from JNDI
Posted on: 09/28/2012 08:15:31 PM
You first have to create all of the attributes that make up the object classes.
For example, create attribute 'hrSalaryLevel'
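try {
    // The initial directory context. env is built elsewhere and must bind as an
    // account that is allowed to write to the schema partition.
    // NOTE(review): env is not shown here; confirm it uses LDAPS or another
    // protected bind, since these are highly privileged credentials.
    LdapContext ctx = new InitialLdapContext(env, null);
    try {
        // Create a new attribute named hrSalaryLevel
        Attributes attrs = new BasicAttributes(true); // true = ignore attribute-ID case
        attrs.put("adminDescription", "Human Resources Salary Level");
        attrs.put("adminDisplayName", "hr-Salary-Level");
        // The OID must be registered in advance and must be unique in the forest;
        // in production use an OID from your organization's own registered arc.
        attrs.put("attributeID", "1.2.840.113556.1.4.7000.141");
        // attributeSyntax 2.5.5.9 together with oMSyntax 2 declares an integer value.
        attrs.put("attributeSyntax", "2.5.5.9");
        attrs.put("oMSyntax", "2");
        attrs.put("isSingleValued", "TRUE");
        attrs.put("lDAPDisplayName", "hrSalaryLevel");
        attrs.put("cn", "hr-Salary-Level");
        attrs.put("objectCategory",
                "CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com");
        attrs.put("objectClass", "attributeSchema");
        // searchFlags 0 sets no special handling: not indexed and not marked
        // confidential. For sensitive HR data, review whether the confidential
        // bit (128) of searchFlags is appropriate before extending the schema.
        attrs.put("searchFlags", "0");

        // Attribute schema entry's dn
        String schema_dn =
                "CN=hr-Salary-Level,CN=Schema,CN=Configuration,DC=example,DC=com";

        // Create the schema entry. Active Directory schema additions cannot be
        // deleted afterwards, only deactivated, so rehearse this in a test forest.
        ctx.createSubcontext(schema_dn, attrs);

        // Force the change to take effect: writing schemaUpdateNow on the RootDSE
        // asks the domain controller to reload its schema cache immediately.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("schemaupdatenow", "1"))
        };
        ctx.modifyAttributes("", mods); // RootDSE
        System.out.println("Successfully modified schema");
    } finally {
        // Always release the privileged connection, even when a schema write fails.
        ctx.close();
    }
} catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}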
and then attribute 'hrSocialSecurityNumber'
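try {
    // The initial directory context. env is built elsewhere and must bind as an
    // account that is allowed to write to the schema partition.
    // NOTE(review): env is not shown here; confirm it uses LDAPS or another
    // protected bind, since these are highly privileged credentials.
    LdapContext ctx = new InitialLdapContext(env, null);
    try {
        // Create a new attribute named hrSocialSecurityNumber
        Attributes attrs = new BasicAttributes(true); // true = ignore attribute-ID case
        attrs.put("adminDescription", "Human Resources Social Security Number");
        attrs.put("adminDisplayName", "hr-Social-Security-Number");
        // The OID must be registered in advance and must be unique in the forest;
        // in production use an OID from your organization's own registered arc.
        attrs.put("attributeID", "1.2.840.113556.1.4.7000.142");
        // attributeSyntax 2.5.5.12 together with oMSyntax 64 declares a Unicode string.
        attrs.put("attributeSyntax", "2.5.5.12");
        attrs.put("oMSyntax", "64");
        // Accepted value length is bounded to 0..128.
        attrs.put("rangeLower", "0");
        attrs.put("rangeUpper", "128");
        // FALSE makes the attribute multi-valued.
        attrs.put("isSingleValued", "FALSE");
        attrs.put("lDAPDisplayName", "hrSocialSecurityNumber");
        attrs.put("cn", "hr-Social-Security-Number");
        attrs.put("objectCategory",
                "CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com");
        attrs.put("objectClass", "attributeSchema");
        // searchFlags 0 sets no special handling, so the value is protected only
        // by the ACLs of the objects that carry it. A Social Security Number is
        // sensitive personal data: review whether the confidential bit (128) of
        // searchFlags, plus restrictive ACLs, should be used before creating it.
        attrs.put("searchFlags", "0");

        // Attribute schema entry's dn
        String schema_dn =
                "CN=hr-Social-Security-Number,CN=Schema,CN=Configuration,DC=example,DC=com";

        // Create the schema entry. Active Directory schema additions cannot be
        // deleted afterwards, only deactivated, so rehearse this in a test forest.
        ctx.createSubcontext(schema_dn, attrs);

        // Force the change to take effect: writing schemaUpdateNow on the RootDSE
        // asks the domain controller to reload its schema cache immediately.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("schemaupdatenow", "1"))
        };
        ctx.modifyAttributes("", mods); // RootDSE
        System.out.println("Successfully modified schema");
    } finally {
        // Always release the privileged connection, even when a schema write fails.
        ctx.close();
    }
} catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}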
>
> On 09/28/2012 08:02:49 PM eLDAP wrote:
Step 1) Check to see if you have the right to do so
Before proceeding, make sure that the account used for the JNDI connection is a member of the Schema Administrators (Schema Admins) group.
For example, the following account has the right to modify schema.
dn: CN=testUser,CN=Users,DC=Example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=Example,DC=com
...
References: