I am very new to LDAP, but I drew the short straw at work, and I have a requirement to add an attribute to inetOrgPerson. Yes, I know that this is bad practice. But this is an internal temporary setup that will never see the light of day.
I am using ApacheDS for the LDAP server. After getting over the total shock that inetOrgPerson does not have a last login time, I need to add one. We have a requirement to deactivate a user after 30 days of inactivity. (If anyone has another idea how to achieve this, I'm all ears.)
Here is my LDIF file to declare the attribute:
dn: cn=schema
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
##
## New attribute:
##
attributeTypes: ( 2.25.0554240483633132
NAME 'lastLoginTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
DESC 'Keeps track of logins for 30 days of inactivity check'
X-ORIGIN ' requirements' )
##
## Existing object to add attribute to
##
objectClasses: ( 2.16.840.1.113730.3.2.2
NAME 'inetOrgPerson'
SUP top
STRUCTURAL
MUST cn
MAY ( 2.25.0554240483633132 )
X-ORIGIN ' requirement' )
And to add it:
dn: cn=schema
changetype: modify
add: attributeTypes
##
## The new attribute type
##
attributeTypes: ( 2.25.0554240483633132
NAME 'lastLoginTime'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
DESC 'Keeps track of logins for 30 days of inactivity check'
X-ORIGIN 'requirement' )
Any help or ideas would be great. Thank you.
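
The 30-day inactivity rule described in the post, as an added example that is not part of the original question and is not ApacheDS code. It assumes lastLoginTime holds a UTC timestamp string of the form YYYYMMDDHHMMSSZ (the post only fixes the syntax as Directory String) and that entries have already been read from the directory into (dn, attributes) pairs; the sample entries, DNs and helper names are constructed.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_LIMIT = timedelta(days=30)  # the 30-day rule from the post


def parse_last_login(value):
    """Parse 'YYYYMMDDHHMMSSZ' (assumed storage format) into an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def find_inactive(entries, now):
    """Return (dn, reason) for every entry that fails the inactivity check.

    Entries with a missing or unparseable lastLoginTime are reported too,
    so a bad value can never keep a dormant account enabled unnoticed.
    """
    flagged = []
    for dn, attrs in entries:
        values = attrs.get("lastLoginTime", [])
        if not values:
            flagged.append((dn, "no lastLoginTime recorded"))
            continue
        try:
            last = parse_last_login(values[0])
        except ValueError:
            flagged.append((dn, "unparseable lastLoginTime"))
            continue
        idle = now - last
        if idle > INACTIVITY_LIMIT:
            flagged.append((dn, f"inactive for {idle.days} days"))
    return flagged


# Constructed sample data: what a search for inetOrgPerson entries might return.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [
    ("uid=alice,ou=users,dc=example,dc=com", {"lastLoginTime": ["20240220093000Z"]}),
    ("uid=bob,ou=users,dc=example,dc=com", {"lastLoginTime": ["20240105120000Z"]}),
    ("uid=carol,ou=users,dc=example,dc=com", {}),
    ("uid=dave,ou=users,dc=example,dc=com", {"lastLoginTime": ["yesterday"]}),
    ("uid=erin,ou=users,dc=example,dc=com", {"lastLoginTime": ["20240131000000Z"]}),
]

if __name__ == "__main__":
    for dn, reason in find_inactive(SAMPLE_ENTRIES, NOW):
        print(f"{dn}: {reason}")
```

Accounts that have never logged in are reported separately from stale ones, so they can be reviewed rather than disabled automatically.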