By: William Kuntz user 03 Mar 2017 at 11:10 a.m. CST

7 Responses
We have just set up a new installation of Gluu 3.0.0. We have activated the eduPersonAffiliation and EduPersonPrincipalName in the configuration UI. When we try to add those attributes to a user, we are unable to save the user. We are using the internal LDAP for user storage at this point, and have no external user stores configured. Any ideas where to look? Thanks, Bill

By Aliaksandr Samuseu staff 03 Mar 2017 at 11:27 a.m. CST

Hi, William. Please note that the procedure to add a custom attribute has changed in Gluu CE 3.0. It's not possible to achieve this only from the web UI; you also need to add the definition of the new attribute to Gluu's schema manually in the console. Then you can activate it in the web UI and start to use it in user entries.

By William Kuntz user 03 Mar 2017 at 11:39 a.m. CST

Just to be clear, I am not adding a new custom attribute to the Gluu configuration, just activating an attribute that is marked inactive in Configuration->Attributes. If I still need to make manual changes can you point me to some documentation on where to make the change? Thanks, Bill

By Aliaksandr Samuseu staff 03 Mar 2017 at 11:49 a.m. CST

> If I still need to make manual changes can you point me to some documentation on where to make the change?

No, for pre-packaged attributes you shouldn't need to do this. Let me check it for myself. Just one question: what is the full version of the package you installed? Please note that the latest version you should consider is CE 3.0.1, which has important fixes. Please don't use CE 3.0.0. Could you run `# rpm -qi gluu-server-3.0.1` and `# rpm -qi gluu-server-3.0.0` and share the output with us?

By William Lowe user 03 Mar 2017 at 11:58 a.m. CST

From Bill:

```
rpm -qi gluu-server-3.0.0
Name        : gluu-server-3.0.0            Relocations: (not relocatable)
Version     : 1                                 Vendor: Gluu, Inc.
Release     : 1.rhel6                       Build Date: Tue 07 Feb 2017 11:33:56 AM EST
Install Date: Tue 14 Feb 2017 04:40:28 PM EST      Build Host: rhel6-rpm
Group       : Gluu                          Source RPM: gluu-server-3.0.0-1-1.rhel6.src.rpm
Size        : 1467807888                       License: GLUU License
Signature   : RSA/8, Sat 11 Feb 2017 08:02:16 AM EST, Key ID 5b76117e0544ba38
Packager    : Gluu support <support@gluu.org>
Summary     : Gluu chroot CE environment
Description :
Gluu base deployment for CE
```

By Aliaksandr Samuseu staff 03 Mar 2017 at 1:32 p.m. CST

Understood, thanks. Still, I'm able to confirm this issue in 3.0.1. I'm investigating it now.

By Aliaksandr Samuseu staff 03 Mar 2017 at 2:38 p.m. CST

I've created a report for this, you can track its status [here](https://github.com/GluuFederation/oxTrust/issues/499), William.

By Aliaksandr Samuseu staff 03 Mar 2017 at 3:57 p.m. CST

William, not sure whether this will be of any help, but here is one way how to get user entries to which eduPerson attributes can be added:

1. Create all users you need in web UI as usual, with attributes it allows you to use
2. Move into container and create file `/tmp/.pw`, place your LDAP admin password there (by default it's the same as the one you are using to access web UI)
3. List all users you've just created using LDAP console tool. Here is example of search command: `# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X -D 'cn=directory manager,o=gluu' -j /tmp/.pw -b 'o=gluu' -z 5 '(uid=*)' uid`. If you are starting at freshly installed instance, there is only one user by default, with uid `admin`. So all the rest will be the ones you created.
4. On the previous step you were presented with DN for each user entry it found. Compose an ldif file `~/add_objctlss_eduperson.ldif` with structure like below:

```
dn: your-1st-dn
changetype: modify
add: objectclass
objectclass: eduperson

dn: your-2nd-dn
changetype: modify
add: objectclass
objectclass: eduperson

...

dn: your-nth-dn
changetype: modify
add: objectclass
objectclass: eduperson
```

Now run next command: `# /opt/opendj/bin/ldapmodify -h 127.0.0.1 -p 1636 -Z -X -D 'cn=directory manager,o=gluu' -j /tmp/.pw -f ~/add_objctlss_eduperson.ldif`. This will add `eduPerson` objectclass to all your users. You should be able to add `edu*` attributes to them in web UI from now on.

Let us know if you'll still have some difficulties to apply this workaround. Please describe your use case in more details so we could suggest a better option.

Please also note that this issue doesn't affect user entries created by Cache Refresh feature, so your other option could be to rely on it for user creation as a workaround (assuming you have LDAP backend in your network, containing some user data). You can find information on how to utilize CR [here](https://gluu.org/docs/ce/3.0.1/admin-guide/user-group/#ldap-synchronization). There are also 3 video tutorials on the subject [here](https://www.youtube.com/watch?v=VnyCTUCRkic)
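
The LDIF from step 4 can be generated from the step 3 search output rather than typed by hand, and the bind-password file from step 2 can be created readable only by its owner. This is an added example, not part of the original reply or of Gluu's tooling; the function names `make_eduperson_ldif` and `write_pw_file` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for the workaround above.

# Write the LDAP bind password (read from stdin) to file $1 with mode 0600,
# so other local users cannot read it while it sits in /tmp.
write_pw_file() {
    ( umask 077; rm -f "$1"; cat > "$1" )
}

# Convert ldapsearch output for '(uid=*)' (LDIF on stdin) into one
# "add objectclass: eduperson" modify record per entry.
# $1 = space-separated uids to skip (e.g. the built-in "admin").
# Plain "dn: ..." and base64 "dn:: ..." lines are passed through unchanged;
# assumes the search was run with -T, so long DNs are not folded.
make_eduperson_ldif() {
    awk -v skip="$1" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) skipuid[s[i]] = 1 }
        function flush() {
            if (dn != "" && !(uid in skipuid))
                printf "%s\nchangetype: modify\nadd: objectclass\nobjectclass: eduperson\n\n", dn
            dn = ""; uid = ""
        }
        /^dn::? / { flush(); dn = $0; next }
        /^uid: /  { uid = substr($0, 6); next }
        /^$/      { flush() }
        END       { flush() }
    '
}

# Constructed sample of search output (DNs are placeholders, not real Gluu entries).
# The third DN is base64-encoded, as ldapsearch prints DNs with non-ASCII characters.
SAMPLE_SEARCH='dn: inum=EXAMPLE-0001,ou=people,o=gluu
uid: admin

dn: inum=EXAMPLE-0002,ou=people,o=gluu
uid: jdoe

dn:: Y249Wm/DqyxvPWdsdXU=
uid: asmith
'

# Usage with the commands from the steps above (not executed here):
#   write_pw_file /tmp/.pw            # then type the password and press Ctrl-D
#   <ldapsearch command from step 3> | make_eduperson_ldif admin \
#       > ~/add_objctlss_eduperson.ldif
#   <ldapmodify command from step 4>; rm -f /tmp/.pw
```

Review the generated file before running `ldapmodify`, and delete `/tmp/.pw` once the change has been applied.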