Author Topic: How to extend or modify Active Directory (AD) schema -- from JNDI
eLDAP, posted on: 09/28/2012 08:02:49 PM
How to extend or modify Active Directory (AD) schema -- from JNDI

Step 1) Check to see if you have the right to do so

Before proceeding, make sure that the account used for the JNDI connection is a member of the Schema Administrators group.

For example, the following account has the right to modify schema.
dn: CN=testUser,CN=Users,DC=Example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=Example,DC=com
...


eLDAP, posted on: 09/28/2012 08:15:31 PM
Step 2) Create new attributes
You first have to create all attributes which are used to comprise objectclasses.

For example, create attribute 'hrSalaryLevel'

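// Imports needed by the code in this and the following steps
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// 'env' is the Hashtable of JNDI environment properties for the connection
try {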
		 
    // The initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
 
    // Create a new attribute named hrSalaryLevel
    Attributes attrs = new BasicAttributes(true); 
    attrs.put("adminDescription", "Human Resources Salary Level");
    attrs.put("adminDisplayName", "hr-Salary-Level");
    attrs.put("attributeID", 
        "1.2.840.113556.1.4.7000.141"); // Must be registered in advance
    attrs.put("attributeSyntax", "2.5.5.9");
    attrs.put("oMSyntax", "2");
    attrs.put("isSingleValued", "TRUE");
    attrs.put("lDAPDisplayName", "hrSalaryLevel");
    attrs.put("cn","hr-Salary-Level");
    attrs.put("objectCategory", 
        "CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com");
    attrs.put("objectClass", "attributeSchema");
    attrs.put("searchFlags", "0");
 
    // Attribute schema entry's dn
    String schema_dn = 
        "CN=hr-Salary-Level,CN=Schema,CN=Configuration,DC=example,DC=com"; 

    // create the schema entry
    ctx.createSubcontext(schema_dn, attrs);
			
    // Force the change to take effect
    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, 
                    new BasicAttribute("schemaupdatenow","1"));
    ctx.modifyAttributes("", mods);  // RootDSE
 
    System.out.println("Successfully modified schema");
    ctx.close();
		
}catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}


and then attribute 'hrSocialSecurityNumber'
try {
     
    // The initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
 
    // Create a new attribute named hrSocialSecurityNumber
    Attributes attrs = new BasicAttributes(true);
    attrs.put("adminDescription", "Human Resources Social Security Number");
    attrs.put("adminDisplayName", "hr-Social-Security-Number");
    attrs.put("attributeID", 
        "1.2.840.113556.1.4.7000.142"); // Must be registered in advance
    attrs.put("attributeSyntax","2.5.5.12");
    attrs.put("oMSyntax","64");
    attrs.put("rangeLower","0");
    attrs.put("rangeUpper","128");
    attrs.put("isSingleValued","FALSE");
    attrs.put("lDAPDisplayName","hrSocialSecurityNumber");
    attrs.put("cn","hr-Social-Security-Number");
    attrs.put("objectCategory",
        "CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com");
    attrs.put("objectClass","attributeSchema");
    attrs.put("searchFlags","0");
    
    // Attribute schema entry's dn
    String schema_dn = 
    	"CN=hr-Social-Security-Number,CN=Schema,CN=Configuration,DC=example,DC=com"; 

    // create the schema entry
    ctx.createSubcontext(schema_dn, attrs);
    
    // Force the change to take effect
    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, 
    		new BasicAttribute("schemaupdatenow","1"));
    ctx.modifyAttributes("", mods);  // RootDSE
 
    System.out.println("Successfully modified schema");
    ctx.close();
		
}catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}

eLDAP, posted on: 09/28/2012 08:34:10 PM
Step 3) Create new classes
Create new auxiliary class:
try {
     
    // The initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
 
    // Create a new auxiliary class
    Attributes attrs = new BasicAttributes(true);
    attrs.put("adminDescription", "Human Resources Auxilliary Class");
    attrs.put("adminDisplayName", "hr-Human-Resources");
    attrs.put("governsID", 
    	"1.2.840.113556.1.4.7000.17"); // Must be registered in advance
    attrs.put("lDAPDisplayName", "hrHumanResources");
    attrs.put("cn", "hr-Human-Resources");
    attrs.put("objectCategory",
    	"CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,DC=com");
    attrs.put("objectClass", "classSchema");
    attrs.put("objectClassCategory", "3");
    attrs.put("rDNAttID", "cn");
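    // possSuperiors and mayContain are multi-valued: a second put() with the
    // same attribute ID replaces the first value, so add both values to one attribute
    Attribute possSuperiors = new BasicAttribute("possSuperiors");
    possSuperiors.add("organizationalUnit");
    possSuperiors.add("container");
    attrs.put(possSuperiors);
    attrs.put("subClassOf", "top");
    Attribute mayContain = new BasicAttribute("mayContain");
    mayContain.add("hrSocialSecurityNumber");
    mayContain.add("hrSalaryLevel");
    attrs.put(mayContain);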

    // Class schema entry's dn
    String schema_dn = 
    	"CN=hr-Human-Resources,CN=Schema,CN=Configuration,DC=example,DC=com"; 

    // create the schema class entry
    ctx.createSubcontext(schema_dn, attrs);

    // Force the change to take effect
    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, 
    		new BasicAttribute("schemaupdatenow","1"));
    ctx.modifyAttributes("", mods);  // RootDSE
 
    System.out.println("Successfully modified schema");
    ctx.close();
		
}catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}
eLDAP, posted on: 09/28/2012 09:01:03 PM
Step 4) Extend target class
try {
     
    // The initial directory context
    LdapContext ctx = new InitialLdapContext(env, null);
 
    // Modify the user class to add the hrHumanResources class as an auxiliary class
    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, 
    		new BasicAttribute("auxiliaryClass","hrHumanResources"));
    ctx.modifyAttributes("CN=User,CN=Schema,CN=Configuration,DC=example,DC=com", mods);

    // Force the change to take effect
    mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, 
    		new BasicAttribute("schemaupdatenow","1"));
    ctx.modifyAttributes("", mods);  // RootDSE
 
    System.out.println("Successfully modified schema");
    ctx.close();
		
}catch (NamingException e) {
    System.err.println("Problem modifying schema: " + e);
}

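A pre-flight check for the procedure in this thread, as an added example that is not part of the original posts: it reads the schema partition DN from the RootDSE, tests Step 1's group membership (nested groups included), and looks for an existing definition of Step 2's hrSalaryLevel before anything is created. The host name and the LDAP_PASSWORD environment variable are placeholders; the DNs and the OID are the ones used in the posts.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class SchemaPreflight {
    // AD's LDAP_MATCHING_RULE_IN_CHAIN: also matches membership via nested groups
    static final String IN_CHAIN = "1.2.840.113556.1.4.1941";

    // True if a search at baseDn with the given scope returns at least one entry
    static boolean exists(LdapContext ctx, String baseDn, int scope,
                          String filter, Object... args) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(scope);
        sc.setReturningAttributes(new String[0]);   // entries only, no attributes
        // JNDI escapes the {0}, {1} arguments when it builds the filter
        NamingEnumeration<SearchResult> res =
            ctx.search(new LdapName(baseDn), filter, args, sc);
        try { return res.hasMore(); } finally { res.close(); }
    }

    public static void main(String[] argv) throws NamingException {
        String user  = "CN=testUser,CN=Users,DC=Example,DC=com";      // from the post
        String group = "CN=Schema Admins,CN=Users,DC=Example,DC=com"; // from the post
        String password = System.getenv("LDAP_PASSWORD");             // assumed variable
        if (password == null) throw new IllegalStateException("LDAP_PASSWORD is not set");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc.example.com:636");  // hypothetical host
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            // Read the schema partition DN from the RootDSE instead of hard-coding it
            String schemaNc = (String) ctx.getAttributes("",
                new String[] {"schemaNamingContext"}).get("schemaNamingContext").get();
            boolean admin = exists(ctx, user, SearchControls.OBJECT_SCOPE,
                "(memberOf:" + IN_CHAIN + ":={0})", group);
            // AD schema objects cannot be deleted, so look for a clash before creating
            boolean clash = exists(ctx, schemaNc, SearchControls.ONELEVEL_SCOPE,
                "(|(attributeID={0})(lDAPDisplayName={1}))",
                "1.2.840.113556.1.4.7000.141", "hrSalaryLevel");
            System.out.println("schema NC: " + schemaNc);
            System.out.println("bind account in Schema Admins: " + admin);
            System.out.println("hrSalaryLevel or its OID already defined: " + clash);
        } finally { ctx.close(); }
    }
}
```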

 