The cn=schema entry has a multivalued attribute, objectClasses, that contains definitions of each object class in the directory schema. You can add to those definitions by using the ldapmodify(1) command.
New object class definitions, and changes that you make to user-defined object classes, are saved in the file 99user.ldif.
If you are creating several object classes that inherit from other object classes, you must create the parent object classes first. If your new object class uses custom attributes, you must also define those first.
For each object class definition, you must provide at least an OID. Consider using at least the following elements for new object classes:
Object Class OID. Corresponds to the object identifier for your object class. An OID is a string, usually of dotted decimal numbers, that uniquely identifies the schema object.
For strict LDAP v3 compliance, you must provide a valid numeric OID. To learn more about OIDs or to request a prefix for your enterprise, send email to the IANA (Internet Assigned Number Authority) at iana@iana.org, or see the IANA web site.
Object class name. Corresponds to a unique name for the object class.
Parent object class. Is an existing object class from which this object class inherits attributes.
If you do not intend to have this object class inherit from another specific object class, use top.
Typically, if you want to add new attributes for user entries, the parent would be the inetOrgPerson object class. If you want to add new attributes for corporate entries, the parent is usually organization or organizationalUnit. If you want to add new attributes for group entries, the parent is usually groupOfNames or groupOfUniqueNames.
Required attributes. Lists and defines attributes that must be present for this object class.
Allowed attributes. Lists and defines additional attributes that can be present for this object class.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Prepare your object class definition according to the syntax specified in RFC 4517.
Use the ldapmodify(1) command to add your object class definition.
Notice that Directory Server adds X-ORIGIN 'user defined' to the definition that you provide.
The following example adds a new object class using the ldapmodify command:
$ cat blogger.ldif dn: cn=schema changetype: modify add: objectClasses objectClasses: ( 1.2.3.4.5.6.8 NAME 'blogger' DESC 'Someone who has a blog' SUP inetOrgPerson STRUCTURAL MAY blog ) $ ldapmodify -D cn=admin,cn=Administrators,cn=config -w - -f blogger.ldif Enter bind password: modifying entry cn=schema $ |
In a production environment, you would provide a valid, unique OID, not 1.2.3.4.5.6.8.