Recipe 10.7 Adding a New Attribute

10.7.1 Problem

You want to add a new attribute to the schema.

10.7.2 Solution

For Windows 2000 Active Directory you need to enable schema modifications before proceeding. See Recipe 10.2 for more information.

10.7.2.1 Using a graphical user interface
  1. Open the Active Directory Schema snap-in.

  2. In the left pane, right-click on the Attributes folder and select Create Attribute.

  3. Click the Continue button to confirm that you want to extend the schema.

  4. Enter the information for the new attribute.

  5. Click OK.

10.7.2.2 Using a command-line interface

You can create new attributes by using ldifde and an LDIF file that contains the properties to be set on the attribute. The following text shows an example LDIF file called create_attr.ldf that creates an attribute called rallencorp-LanguagesSpoken:

dn: cn=rallencorp-LanguagesSpoken,cn=schema,cn=configuration,<ForestRootDN>
changetype: add
objectclass: attributeSchema
lDAPDisplayName: rallencorp-LanguagesSpoken
attributeId: 1.3.6.1.4.1.999.1.1.28.3
oMSyntax: 20
attributeSyntax: 2.5.5.4
isSingleValued: FALSE
searchFlags: 1
description: "Languages a user speaks"

Then run the following command:

> ldifde -v -i -f create_attr.ldf

10.7.2.3 Using VBScript

' This code illustrates how to create an attribute
' called rallencorp-LanguagesSpoken
set objRootDSE = GetObject("LDAP://RootDSE")
set objSchemaCont = GetObject("LDAP://" & _
                              objRootDSE.Get("schemaNamingContext") )
set objAttr = objSchemaCont.Create("attributeSchema", _
                                   "cn=rallencorp-LanguagesSpoken")
objAttr.Put "lDAPDisplayName", "rallencorp-LanguagesSpoken"
objAttr.Put "attributeId", "1.3.6.1.4.1.999.1.1.28.3"
objAttr.Put "oMSyntax", 20
objAttr.Put "attributeSyntax", "2.5.5.4"
objAttr.Put "isSingleValued", FALSE
objAttr.Put "description", "Languages a user speaks"
objAttr.Put "searchFlags", 1  ' index the attribute
objAttr.SetInfo
WScript.Echo "Attribute created"

10.7.3 Discussion

To create an attribute, you need to add an attributeSchema object to the Schema container. Typically, when you extend the schema, you perform several additions or modifications at once. The order of your extensions is very important. You can't create a class, assign an attribute, and then create the attribute; you obviously need to create the attribute before it can be assigned to the class. Even if you create the attribute before you assign it to a class, you must reload the schema before doing the class assignment. Reloading the schema is described in more detail in Recipe 10.22.

Most of the attributes that can be set on attributeSchema objects are pretty straightforward, but a couple of them take a little explanation. The attributeSyntax and oMSyntax attributes together define the syntax, or the type of data that can be contained in the attribute. Table 10-3 shows the possible combinations of these two attributes and the resulting syntax.

Table 10-3. attributeSyntax and oMSyntax combinations

| Name | attributeSyntax | oMSyntax | Description |
|---|---|---|---|
| AccessPointDN | 2.5.5.14 | 127 | Type of distinguished name taken from X.500. |
| Boolean | 2.5.5.8 | 1 | TRUE or FALSE value. |
| CaseExactString | 2.5.5.3 | 27 | Case-sensitive string. |
| CaseIgnoreString | 2.5.5.4 | 20 | Case-insensitive string. |
| DirectoryString | 2.5.5.12 | 64 | Case-insensitive Unicode string. |
| DN | 2.5.5.1 | 127 | String representing a distinguished name. |
| DNWithBinary | 2.5.5.7 | 127 | Octet string that has the following format: B:CharCount:BinaryValue:ObjectDN where CharCount is the number of hexadecimal digits in BinaryValue, BinaryValue is the hexadecimal representation of the binary value, and ObjectDN is a distinguished name. |
| DNWithString | 2.5.5.14 | 127 | Octet string that contains a string value and a DN. A value with this syntax has the following format: S:CharCount:StringValue:ObjectDN where CharCount is the number of characters in the StringValue string, and ObjectDN is a distinguished name of an object in Active Directory. |
| Enumeration | 2.5.5.9 | 10 | Defined in X.500 and treated as an integer. |
| GeneralizedTime | 2.5.5.11 | 24 | Time string format defined by ASN.1 standards. See ISO 8601 and X.680. |
| IA5String | 2.5.5.5 | 22 | Case-sensitive string containing characters from the IA5 character set. |
| Integer | 2.5.5.9 | 2 | 32-bit integer. |
| Integer8 | 2.5.5.16 | 65 | 64-bit integer, also known as a large integer. |
| NTSecurityDescriptor | 2.5.5.15 | 66 | Octet string that contains a security descriptor. |
| NumericString | 2.5.5.6 | 18 | String that contains digits. |
| OctetString | 2.5.5.10 | 4 | Array of bytes used to store binary data. |
| OID | 2.5.5.2 | 6 | String that contains digits (0-9) and decimal points (.). |
| ORName | 2.5.5.7 | 127 | Taken from X.400; used for X.400 to RFC 822 mapping. |
| PresentationAddress | 2.5.5.13 | 127 | String that contains OSI presentation addresses. |
| PrintableString | 2.5.5.5 | 19 | Case-sensitive string that contains characters from the printable character set. |
| ReplicaLink | 2.5.5.10 | 127 | Used by Active Directory internally. |
| Sid | 2.5.5.17 | 4 | Octet string that contains a security identifier (SID). |
| UTCTime | 2.5.5.11 | 23 | Time string format defined by ASN.1 standards. |

The searchFlags attribute is a bit flag that defines special properties related to searching with the attribute. Table 10-4 contains the values that can be set for this attribute. The values are cumulative; so in order to index an attribute and include it in ANR searches, you would set a value of 5 (1 + 4).

Table 10-4. searchFlags bit values

| Value | Description |
|---|---|
| 1 | Index over attribute. See Recipe 10.11 for more information. |
| 2 | Index over container and attribute. |
| 4 | Include as part of Ambiguous Name Resolution (ANR). Should be used in addition to 1. See Recipe 10.13 for more information. |
| 8 | Preserve attribute in tombstone objects. |
| 16 | Copy attribute when duplicating an object. See Recipe 10.12 for more information. |
| 32 | Create a tuple index for this attribute. This improves the response time for searches that put a wildcard in front of the search string for the attribute (e.g., givenname=*on). |

10.7.4 See Also

Recipe 4.12 for setting a bit flag, Recipe 10.9 for adding a new class, and Recipe 10.22 for reloading the schema



Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
