By: Eckhard Lehmann user 26 Feb 2019 at 3:12 a.m. CST

1 Response
Eckhard Lehmann gravatar
Hello, We want to use the Gluu LDAP schema and extend it by some objects and attributes, plus evtl. redefine or delete some of the existing entities (eg. the edu* objects are not necessary for our needs). The customized objects should be part of the authorization claims, so we want to use them in scopes. I had a look at the LDAP schema in 101-ox.ldif and got some of our extensions working by putting them into this file (I know, I could create another .ldif file and put it aside the others, anyway..). I created a new attributeType and a new objectClass, and then I created a new object from the class in the LDAP database during installation. I also found the Attributes customization page in oxTrust and mapped the new attribute to the user (gluuPerson), and now I can set the new attribute in the user management page in oxtrust and create a scope with the attribute as claim. The remaining thing is now: I want to manage the new objectClass in oxTrust. Its similar to the groups objectClass, it can contain users and groups. Ideally I want to have a new entry in the oxTrust navigation tree to add/manage objects of that new class, and add/remove users and groups to/from these objects. Furthermore this should be possible with SCIM. How is it possible to achieve this? I have not seen any possibility in the configuration area so far... Can I customize the oxTrust UI as described [here]( and create custom Java classes with business logic to manage the new object? If yes, how can I make this custom Java code work (I haven't extended Gluu like this before)? Or is it sufficient to create a custom script, and if so, how would this look like? And how can I manage these objects with SCIM?

By Michael Schwartz staff 02 Mar 2019 at 11:29 p.m. CST

Michael Schwartz gravatar
I agree with Zico that this area is beyond the realm of community support. To do what you're suggesting you'd have to fork oxTrust. And these are not features that Gluu would ever support, so you would have to maintain your own fork, and merge any future changes. Net-net, what you are suggesting is a horrible idea. Far better would be to write your own application to meet this requirement. That way you can use the tools you are familiar with. You'd be better off modeling this data in an RDBMS or JSON database. And then have this new user management application render the information as an attribute of the user (i.e. use the `/Users` endpoint to add this data to Gluu). oxTrust is primarily the admin UI for oxAuth. It's not meant to be a user administration tool.