Creating a custom schema/ add to the existing schema for an in-memory UnboundID LDAP server

I'm trying to duplicate a LDAP layout/schema from the field my application has to deal with, and I'm trying to recreate + test it via an automated test with the embeddable UnboundID LDAP server.

The situation it has to deal with is the user schema's 'memberOf' property like Active Directory has...but I'm not quite sure how to add a 'user' class to this ldap in memory.

1) Is this possible? 2) Is there a better strategy? 3) And what in particular should I do? I'm an LDAP newbie.

Below is my nonworking code.

Thanks, Mike Kohout

import java.util.Arrays;
import java.util.HashMap;

import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.schema.ObjectClassDefinition;
import com.unboundid.ldap.sdk.schema.ObjectClassType;
import com.unboundid.ldif.LDIFException;

public class TestOpenLdap2
{
    private InMemoryDirectoryServer server;

    @Before
    public void start() throws Exception
    {
        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=com");
        config.addAdditionalBindCredentials("cn=admin,ou=People,dc=example,dc=com", "cred");
        InMemoryListenerConfig listenerConfig = new InMemoryListenerConfig("test", null, 33390, null, null, null);
        config.setListenerConfigs(listenerConfig);
        server = new InMemoryDirectoryServer(config);
        server.startListening();
    }

    @After
    public void stop()
    {
        // release the fixed port 33390 so the next test can start its own listener
        server.shutDown(true);
    }

    @Test
    public void testMemberOf() throws Exception
    {
        addEntry("dn: dc=com", "objectClass: top", "objectClass: domain", "dc: com");

        // attempt to define a 'user' object class that allows 'memberOf'
        ObjectClassDefinition oc = new ObjectClassDefinition("10.19.19.78", new String[]{"user"}, "", false, new String[]{"TOP"},
                                                             ObjectClassType.STRUCTURAL, new String[]{"memberOf"},
                                                             new String[]{}, new HashMap<String, String[]>());
        // attempt to publish the definition by adding a second subschema entry
        addEntry("dn: cn=schema2,dc=com", "objectClass: top", "objectClass: ldapSubEntry", "objectClass: subschema", "cn: schema2",
                 "objectClasses:  " + oc.toString());

        addEntry("dn: dc=people,dc=com", "objectClass: top", "objectClass: domain", "dc: people");
        addEntry("dn: dc=groups,dc=com", "objectClass: top", "objectClass: domain", "dc: groups");
        addEntry("dn: cn=test-group,dc=groups,dc=com", "objectClass: groupOfUniqueNames", "cn: test group");
        addEntry("dn: cn=Testy Tester,dc=people,dc=com", "objectClass: Person", "objectClass: user", "objectClass: organizationalPerson", "sn: Tester", "cn: Testy Tester", "memberOf: cn=test-group,dc=groups,dc=com");
    }

    public void addEntry(String... args) throws LDIFException, LDAPException
    {
        LDAPResult result = server.add(args);
        // Java 'assert' is only evaluated when the JVM runs with -ea
        assert (result.getResultCode().intValue() == 0);
        System.out.println("added entry:" + Arrays.asList(args));
    }
}
Michael Kohout, asked Oct 20 '11


2 Answers

Anyone who comes across this may be interested to know that the functionality referred to by Neil Wilson has been implemented (at least in com.unboundid:unboundid-ldapsdk:2.3.1) :)

Here is how you might replace the person objectClass with one which contains a userPrincipalName attribute:

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.2.3.4.5.6.7 NAME 'userPrincipalName' DESC 'userPrincipalName as per Active Directory' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

dn: cn=schema
changetype: modify
delete: objectClasses
objectClasses: ( 2.5.6.6
                 NAME 'person'
                 SUP top
                 STRUCTURAL
                 MUST ( sn $
                        cn )
                 MAY ( userPassword $
                       telephoneNumber $
                       seeAlso $
                       description )
                 X-ORIGIN 'RFC 4519' )

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 2.5.6.6
                 NAME 'person'
                 SUP top
                 STRUCTURAL
                 MUST ( sn $
                        cn $
                        userPrincipalName )
                 MAY ( userPassword $
                       telephoneNumber $
                       seeAlso $
                       description ) )

Note that the person objectClass must be removed. It is defined as an 'objectClasses' attribute and you must specify the entire definition to reference it. The definition is in the default schema as mentioned by Neil: docs/standard-schema.ldif

I copied the userPrincipalName attribute definition from some Oracle docs which describe how to modify schema elements: http://docs.oracle.com/cd/E12839_01/oid.1111/e10035/ldif_appendix.htm#CHDCCJIG

James Baxter, answered Nov 07 '22

At present, the in-memory directory server doesn't support online schema changes (i.e., updating the cn=schema entry via LDAP modify operations). That's on my to-do list, but it's not yet implemented.

However, if you just want to customize the schema that the server runs with, then you can simply initialize the server with the schema you want to use. You can create a schema from information in multiple files (and the one the in-memory server uses by default is included in the docs/standard-schema.ldif file, so you can just add a second file with the custom schema elements you want to use).

Neil

Neil Wilson, answered Nov 07 '22
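The following is an added example, not code from the question or from either answer, showing the approach Neil describes: the server is started with a schema built from the SDK's bundled standard schema plus a second file carrying the custom 'memberOf' attribute and 'user' object class, after which entries carrying memberOf are accepted and can be searched. The OIDs under 1.3.6.1.4.1.99999, the bind credential, the entry DNs and the class name MemberOfSchemaExample are all assumptions made for this example; the SDK calls used (Schema.getDefaultStandardSchema, Schema.getSchema(File...), Schema.mergeSchemas, InMemoryDirectoryServerConfig.setSchema, InMemoryListenerConfig.createLDAPConfig) are part of the UnboundID LDAP SDK.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.schema.Schema;

import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public class MemberOfSchemaExample
{
    // Custom schema elements in the same LDIF layout as docs/standard-schema.ldif.
    // The OIDs under 1.3.6.1.4.1.99999 are placeholders for this example; a real
    // deployment uses an OID arc the organisation actually owns.
    private static final String CUSTOM_SCHEMA_LDIF =
        "dn: cn=schema\n" +
        "objectClass: top\n" +
        "objectClass: ldapSubentry\n" +
        "objectClass: subschema\n" +
        "cn: schema\n" +
        "attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'memberOf'" +
        " DESC 'DN of a group the entry belongs to, as in Active Directory'" +
        " EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )\n" +
        "objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'user'" +
        " SUP organizationalPerson STRUCTURAL MAY ( memberOf ) )\n";

    public static void main(String[] args) throws Exception
    {
        // Write the custom definitions to a temporary file so they load through
        // Schema.getSchema(File...) exactly as a second schema file on disk would.
        File customSchemaFile = Files.createTempFile("custom-schema", ".ldif").toFile();
        customSchemaFile.deleteOnExit();
        Files.write(customSchemaFile.toPath(), CUSTOM_SCHEMA_LDIF.getBytes(StandardCharsets.UTF_8));

        // Merge the SDK's bundled standard schema with the custom elements. Schema
        // checking stays enabled, so a malformed entry is still rejected at add time.
        Schema schema = Schema.mergeSchemas(
            Schema.getDefaultStandardSchema(),
            Schema.getSchema(customSchemaFile));

        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com");
        config.setSchema(schema);
        config.addAdditionalBindCredentials("cn=Directory Manager", "password"); // test-only credential
        config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("test", 0)); // port 0: ephemeral

        InMemoryDirectoryServer server = new InMemoryDirectoryServer(config);
        server.startListening();
        try
        {
            server.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");
            server.add("dn: ou=People,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: People");
            server.add("dn: ou=Groups,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: Groups");
            // groupOfUniqueNames requires at least one uniqueMember
            server.add("dn: cn=test-group,ou=Groups,dc=example,dc=com",
                       "objectClass: top", "objectClass: groupOfUniqueNames", "cn: test-group",
                       "uniqueMember: cn=Testy Tester,ou=People,dc=example,dc=com");
            // 'user' extends organizationalPerson, so the entry lists the whole chain and
            // may carry memberOf; without the custom schema this add would be rejected.
            server.add("dn: cn=Testy Tester,ou=People,dc=example,dc=com",
                       "objectClass: top", "objectClass: person", "objectClass: organizationalPerson",
                       "objectClass: user", "cn: Testy Tester", "sn: Tester",
                       "memberOf: cn=test-group,ou=Groups,dc=example,dc=com");

            // Query the way the application under test would: list users in a given group.
            SearchResult result = server.search("ou=People,dc=example,dc=com", SearchScope.SUB,
                "(memberOf=cn=test-group,ou=Groups,dc=example,dc=com)", "memberOf");
            for (SearchResultEntry entry : result.getSearchEntries())
            {
                System.out.println(entry.getDN() + " -> " + entry.getAttributeValue("memberOf"));
            }
        }
        finally
        {
            server.shutDown(true);
        }
    }
}
```

Keeping schema checking on (rather than calling setSchema(null)) is deliberate: the test then catches the same structural mistakes the question's code makes, such as listing two unrelated structural classes on one entry or adding a groupOfUniqueNames without its mandatory uniqueMember, instead of letting them through silently.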