Hitachi

uCosminexus Application Server Security Management Guide


5.15.3 Extension of object class and user definition attributes

When single sign-on is used, register the object class and user definition attributes that are specific to the single sign-on library in the LDAP directory server, in order to extend the object class and user attribute definitions.

The extended object class and user definition attributes are schemas that are specific to the single sign-on library and cannot be shared with other systems. If the LDAP directory server is already in use, check the schemas currently used in the LDAP directory server to make sure that the schemas specific to single sign-on are not already in use.

(1) Object Class to be extended in the single sign-on library

The following table shows the object class that is specific to the single sign-on library.

Table 5‒11: Object class that is specific to the single sign-on library

| Object class | OID | Required attribute | Optional attribute |
|---|---|---|---|
| CosminexusSSOEntry | 1.2.392.200010.7.6.21 | objectClass, CosminexusSSOEntryID, CosminexusSSOUID | CosminexusSSOSecretdata, CosminexusSSOPublicdata, CosminexusSSOMapping |

(2) User definition attributes to be extended in the single sign-on library

The following table shows the attributes that are specific to the single sign-on library.

Table 5‒12: Attributes that are specific to the single sign-on library

| Attribute | OID | Syntax | Multi-value/single value |
|---|---|---|---|
| CosminexusSSOEntryID | 1.2.392.200010.7.4.71 | cis | Single value |
| CosminexusSSOUID | 1.2.392.200010.7.4.72 | ces | Single value |
| CosminexusSSOSecretdata | 1.2.392.200010.7.4.73 | bin | Single value |
| CosminexusSSOPublicdata | 1.2.392.200010.7.4.74 | ces | Single value |
| CosminexusSSOMapping | 1.2.392.200010.7.4.75 | dn | Multi-value |
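The check this subsection asks for before registering the schema files, that the single sign-on names and OIDs are not already in use on the directory server, as an added example that is not part of the Hitachi guide: it scans an exported subschema subentry for the names and OIDs listed in Tables 5-11 and 5-12 and also checks a candidate entry against the required and single-valued attributes of CosminexusSSOEntry. The subschema text is constructed here and the RFC 4512 definition format is assumed; only the names and OIDs come from the tables.

```python
import re

# Names, OIDs, syntaxes and multi-value flags from Tables 5-11 and 5-12 above.
SSO_OBJECT_CLASS = {"CosminexusSSOEntry": "1.2.392.200010.7.6.21"}
SSO_ATTRIBUTES = {  # name: (OID, syntax, multi-valued)
    "CosminexusSSOEntryID":    ("1.2.392.200010.7.4.71", "cis", False),
    "CosminexusSSOUID":        ("1.2.392.200010.7.4.72", "ces", False),
    "CosminexusSSOSecretdata": ("1.2.392.200010.7.4.73", "bin", False),
    "CosminexusSSOPublicdata": ("1.2.392.200010.7.4.74", "ces", False),
    "CosminexusSSOMapping":    ("1.2.392.200010.7.4.75", "dn", True),
}
REQUIRED = ("objectClass", "CosminexusSSOEntryID", "CosminexusSSOUID")

# Assumed RFC 4512 form: "( oid NAME 'x' ... )" or "( oid NAME ( 'x' 'y' ) ... )".
_DEF_RE = re.compile(r"\(\s*([\d.]+)\s+NAME\s+(?:'([^']+)'|\(([^)]*)\))", re.I)
_KINDS = ("attributetypes:", "objectclasses:")

def schema_conflicts(subschema_text):
    """Return (OID, name) pairs in the server's subschema subentry that clash with
    the SSO schema; a non-empty list means uaschema*.ldif must not simply be applied."""
    wanted_oids = set(SSO_OBJECT_CLASS.values()) | {v[0] for v in SSO_ATTRIBUTES.values()}
    wanted_names = {n.lower() for n in (*SSO_OBJECT_CLASS, *SSO_ATTRIBUTES)}
    conflicts = []
    for line in subschema_text.splitlines():
        m = _DEF_RE.search(line) if line.lower().startswith(_KINDS) else None
        if not m:
            continue
        oid = m.group(1)
        names = [m.group(2)] if m.group(2) else m.group(3).replace("'", "").split()
        if oid in wanted_oids or any(n.lower() in wanted_names for n in names):
            conflicts.append((oid, names[0]))
    return conflicts

def entry_problems(entry):
    """Check an entry (attribute name -> list of values) against Table 5-11/5-12:
    required attributes present, single-valued attributes not repeated."""
    present = {k.lower(): v for k, v in entry.items()}
    problems = [f"missing required attribute {n}" for n in REQUIRED if n.lower() not in present]
    for name, (_oid, _syntax, multi) in SSO_ATTRIBUTES.items():
        count = len(present.get(name.lower(), []))
        if not multi and count > 1:
            problems.append(f"{name} is single-valued but has {count} values")
    return problems

# Constructed sample subschema dump; the second line reuses an OID and name from Table 5-12.
SAMPLE_SUBSCHEMA = """\
attributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
attributeTypes: ( 1.2.392.200010.7.4.72 NAME 'CosminexusSSOUID' EQUALITY caseExactMatch )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL )
"""
```

On a live server the subschema text would be read from the subschema subentry (for example the entry named by the root DSE's subschemaSubentry attribute) with an ordinary LDAP search before running ldapmodify or ldifde.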

(3) Procedures used to add the object class and user definition attributes to be extended

This section explains the procedures used to add the object class and user definition attributes to be extended, for each type of LDAP directory server.

Sun Java System Directory Server or Oracle Directory Server Enterprise Edition:

Make sure that the LDAP directory server is started and register uaschema.slapd.ldif to the LDAP directory server by using the following command:

ldapmodify -h host name -p port number -D management bind DN -w password -c -f uaschema.slapd.ldif

IBM SecureWay Directory or IBM Directory Server:

Make sure that the LDAP directory server is started and register uaschema.ldif to the LDAP directory server by using the following command:

ldapmodify -h host name -p port number -D bind DN -w password -c -f uaschema.ldif

Specify the bind DN that has administrative rights.

Active Directory:
  1. Change the settings so that the schema can be modified in Active Directory. Start Microsoft Management Console (mmc.exe) and click Add or Remove Snap-ins to add the Active Directory Schema snap-in. Right-click Active Directory Schema, select Operations Master, select the The schema may be modified on this Domain Controller check box, and then click the OK button.

  2. Use the following command to register uaschema.ad.ldif to Active Directory (this form connects to the domain controller as the currently logged-on user).

     ldifde -i -c "dc=domain" "ToDN" -f uaschema.ad.ldif

Enter the appropriate DN in ToDN, which depends on the domain. For example, if the domain is hitachi.co.jp, ToDN will be dc=hitachi,dc=co,dc=jp.