I am writing an Identity and Access Management application in the C programming language. I use openLDAP for persisting user details, and it provides a set of APIs to perform operations such as bind, add, search, modify etc. I created a new object class to hold my application's user details as below:
    attributetype ( 2.5.4.1 NAME 'id'
        DESC 'RFC2256: user identifier'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

    attributetype ( 2.5.4.2 NAME 'name'
        DESC 'RFC2256: user name'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

    attributetype ( 2.5.4.3 NAME 'email'
        DESC 'RFC2256: user mail address'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

    objectclass ( 2.5.4.4 NAME 'user'
        DESC 'user details'
        SUP top STRUCTURAL
        MUST id
        MAY ( name $ email ) )

Is it possible to add a new attribute 'phoneNumber' to the 'user' object class without directly editing schema file but by using APIs provided by openLDAP library?
The best practice would be to add an Auxiliary ObjectClass with no REQUIRED attributes, adding "MAY" attributes as needed.
After adding the AUX class to the Schema, you can then add, through a modify operation, the AUX Class to any Structural ObjectClass entry as an ObjectClass value as desired.
This allows you to maintain the base schema intact.
-jim
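
The two steps from the answer above, written as LDIF (an added example, not part of the original posts). It assumes the server runs the cn=config backend so schema can be changed over LDAP; the schema entry DN, the 1.1.x OIDs, the class name `userPhone` and the sample user entry are placeholders.

```ldif
# Added example. All DNs, OIDs and the name 'userPhone' are assumptions.
# Step 1: add the attribute and an AUXILIARY class to the schema over LDAP.
# Replace {N}appschema with the schema entry that already defines 'user';
# the bind identity needs write access to cn=config.
dn: cn={N}appschema,cn=schema,cn=config
changetype: modify
add: olcAttributeTypes
olcAttributeTypes: ( 1.1.2.1.1 NAME 'phoneNumber'
  DESC 'user phone number'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
-
add: olcObjectClasses
olcObjectClasses: ( 1.1.2.2.1 NAME 'userPhone'
  DESC 'optional phone data for user entries'
  SUP top AUXILIARY
  MAY phoneNumber )

# Step 2: attach the auxiliary class to an existing 'user' entry and set
# the new attribute in the same modify operation (constructed sample entry).
dn: id=1001,ou=users,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: userPhone
-
add: phoneNumber
phoneNumber: +1 555 0100
```

From C, each record corresponds to one `ldap_modify_ext_s()` call whose `LDAPMod` entries use `LDAP_MOD_ADD`. The structural class `user` and its definition stay untouched.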