By: Thomas Maerz user 05 Feb 2018 at 3:19 p.m. CST

6 Responses
Hello,

According to [Gluu 3.1.2 Installation Guide - Clustering](https://gluu.org/docs/ce/3.1.2/installation-guide/cluster/), it is recommended to run OpenDJ in order to do HA/Clustering for this version. However... the GUI no longer has an add attribute button. In recent versions of Gluu, this button has been replaced with a Register attribute button which gets used after adding the custom attribute on the command line for slapd/OpenLDAP as per here: [Gluu 3.1.2 Admin Guide - Attributes](https://gluu.org/docs/ce/3.1.2/admin-guide/attribute/). These instructions only deal with slapd/OpenLDAP though.

If I try to follow the 3.1.2 documentation to add a custom attribute, it does not work, because the file `/opt/gluu/schema/openldap/custom.schema` does not exist, nor does the file path leading up to that file. Do I simply need to be looking elsewhere for this file (I find this unlikely) or is there another method of adding custom attributes for OpenDJ (this would be my best guess).

Since the last version of Gluu to include OpenDJ as the default LDAP backend is 2.4.4, and that version included a GUI method of creating custom attributes on OpenDJ, I can't seem to find any documentation on how to add a custom attribute to OpenDJ for Gluu Server 3.1.2.

Is Gluu community support able to advise on how to create compliant custom attributes with OpenDJ that will work with Shibboleth 3.0 and other parts of Gluu, or point me to documentation that shows how this is accomplished?

Without this, I don't think that it's possible to set up Clustering on Gluu Server 3.1.2 CE.

Thank you for your help!

Thomas Maerz

By Chris Blanton user 07 Feb 2018 at 10:14 a.m. CST

Thomas,

To create custom attributes in Gluu 3.1.2 using OpenDJ, you have to modify the `/opt/opendj/config/schema/77-attributes.ldif` file. For example:

```
[root@c4 schema]# cat 77-customAttributes.ldif
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.61 NAME 'xxxx'
  DESC 'Reference the dn of a person.'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  X-ORIGIN 'Gluu created attribute' )
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.62 NAME 'iiiii'
  DESC 'Reference the dn of a person.'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  X-ORIGIN 'Gluu created attribute' )
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.63 NAME 'test'
  DESC 'Reference the dn of a person.'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  X-ORIGIN 'Gluu created attribute' )
objectClasses: ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson'
  SUP ( top )
  AUXILIARY
  MAY ( telephoneNumber $ xxxx $ mobile $ test $ carLicense $ iiiii $
  facsimileTelephoneNumber $ departmentNumber $ employeeType $ cn $ st $
  manager $ street $ postOfficeBox $ employeeNumber $
  preferredDeliveryMethod $ roomNumber $ secretary $ homePostalAddress $
  l $ postalCode $ description $ title )
  X-ORIGIN 'Gluu - Custom persom objectclass' )
```

Then restart OpenDJ and add the attribute in oxTrust.

By Thomas Maerz user 11 Feb 2018 at 11:25 p.m. CST

Looks like the docs are updated! Thanks so much for the answer and the updated docs. I'll give it a shot and let you know if I run into any troubles.

By Thomas Maerz user 11 Feb 2018 at 11:57 p.m. CST

I do have a question: How do I know what the objectClasses number should look like? In your example you have listed 1.3.6.1.4.1.48710.1.3.62. I don't want to just make up some number as we don't want it to conflict or anything. Can I just take the existing number and increment it? Finally, the existing 77-customAttributes.ldif file does not have any attributeTypes listed. Do I just need to inject those above the existing objectClasses: section?

By Chris Blanton user 12 Feb 2018 at 11:25 a.m. CST

Thomas,

Here's some documentation on OpenDJ schema: https://backstage.forgerock.com/docs/opendj/2.6/admin-guide/#about-schema

> How do I know what the objectClasses number should look like? In your example you have listed 1.3.6.1.4.1.48710.1.3.62. I don't want to just make up some number as we don't want it to conflict or anything.

You can generally check inside the schema that no number matches that same schema before you add it. The other schema inside Gluu also follow some numbering logic. See:

```
[root@c7 schema]# grep -ir objectClasses
00-core.ldif:attributeTypes: ( 2.5.21.6 NAME 'objectClasses'
00-core.ldif:objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass
00-core.ldif:objectClasses: ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName
00-core.ldif:objectClasses: ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
00-core.ldif:objectClasses: ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
00-core.ldif:objectClasses: ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
00-core.ldif:objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
00-core.ldif:objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
... <snip> ...
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.37 NAME 'oxCustomScript'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.38 NAME 'oxDeviceRegistration'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.39 NAME 'oxU2fRequest'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.40 NAME 'oxMetric'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.41 NAME 'oxClientAuthorizations'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.42 NAME 'oxSectorIdentifier'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.43 NAME 'oxAsimbaConfiguration'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.44 NAME 'oxAsimbaSelector'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.45 NAME 'oxAsimbaIDP'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.46 NAME 'oxAsimbaRequestorPool'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.47 NAME 'oxAsimbaSPRequestor'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.48 NAME 'oxPassportConfiguration'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.49 NAME 'oxShibbolethCASProtocolConfiguration'
101-ox.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.50 NAME 'oxAuthUmaPCT'
77-customAttributes.ldif:objectClasses: ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson'
```

This will show you all of the OIDs for the schema in `/opt/opendj/config/schema`. As you can see they follow some numbering order after the initial numbering portion `1.3.6.1.4.1.48710.1.4.x`. I would pick a numbering format and check it against your current schema and also Google to see if it's not already taken:

```
[root@c7 schema]# grep -ir 1.3.6.1.4.1.42.2.27.5.2.1
05-solaris.ldif:objectClasses: ( 1.3.6.1.4.1.42.2.27.5.2.1 NAME 'SolarisProject'
```

and go from there.

> Finally, the existing 77-customAttributes.ldif file does not have any attributeTypes listed. Do I just need to inject those above the existing objectClasses: section?

Yes, you need to add attribute types there with proper spacing and no line spacing between attributes or object classes.

If you're having issues you can track the `/opt/opendj/logs/errors` for schema errors.
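
Added example, not part of the thread or of Gluu's tooling: a plain `grep -ir <oid>` treats each dot as a regex wildcard and also matches longer OIDs that share the prefix, so this sketch extracts the declared OIDs and compares them as exact strings. The function names and sample files are constructed for illustration, and it assumes the OID sits on the same line as `attributeTypes:` / `objectClasses:`, as in the listings above.

```shell
#!/bin/sh
# Exact-match OID checks over OpenDJ schema files (illustrative helper names).

# List every OID declared by an attributeTypes:/objectClasses: line in DIR.
declared_oids() {
    cat "$1"/*.ldif | sed -n -E \
      's/^(attributeTypes|objectClasses):[[:space:]]*\([[:space:]]*([0-9]+(\.[0-9]+)+)[[:space:]].*/\2/p'
}

# Succeed only if OID is already declared (fixed string, whole value).
oid_in_use() {
    declared_oids "$1" | grep -qxF -- "$2"
}

# Print the next unused OID directly under PREFIX.
next_free_oid() {
    declared_oids "$1" | awk -v p="$2." '
        index($0, p) == 1 {
            rest = substr($0, length(p) + 1)
            if (rest ~ /^[0-9]+$/ && rest + 0 > max) max = rest + 0
        }
        END { print p (max + 1) }'
}

# Print any OID declared more than once across the directory.
duplicate_oids() {
    declared_oids "$1" | sort | uniq -d
}

# Constructed sample resembling /opt/opendj/config/schema (not real Gluu files).
make_sample_schema() {
    d=$(mktemp -d)
    cat > "$d/101-ox.ldif" <<'EOF'
objectClasses: ( 1.3.6.1.4.1.48710.1.4.50 NAME 'oxAuthUmaPCT'
EOF
    cat > "$d/77-customAttributes.ldif" <<'EOF'
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.61 NAME 'xxxx'
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.62 NAME 'iiiii'
objectClasses: ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson'
EOF
    echo "$d"
}

schema=$(make_sample_schema)
oid_in_use "$schema" 1.3.6.1.4.1.48710.1.4.10 || echo "...1.4.10 is free (plain grep would also hit ...1.4.101)"
echo "next attribute OID: $(next_free_oid "$schema" 1.3.6.1.4.1.48710.1.3)"
echo "duplicates: $(duplicate_oids "$schema")"
rm -rf "$schema"
```

On a real server, pass `/opt/opendj/config/schema` as the directory argument instead of the sample directory.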

By Thomas Maerz user 17 Feb 2018 at 11:20 p.m. CST

Thanks for the help. It's all working now. Before closing this ticket, I have a final question: Are there plans to add the ability to create custom attributes back into the GUI? It used to be there so it's somewhat disappointing that the feature is gone now, especially since in the current state, you must create the custom attribute in the text configuration file, but the interaction with the GUI is still required to "Register" the new attribute. Thanks! Thomas

By Mohib Zico Account Admin 21 Feb 2018 at 4:41 a.m. CST

Hi Thomas, Yes, we will add (fix, actually) adding custom attributes from the GUI (oxTrust).