RFC 2307aix schema for OpenLDAP

IBM recommends Tivoli Directory Server for LDAP authentication with AIX. It is free for AIX use and contains all the necessary proprietary schemas, but if you want to use the LDAP server for more than just AIX authentication, you have to buy the full product. And if you already have OpenLDAP, IBM uses a proprietary schema that makes full integration difficult.

You can authenticate in RFC 2307 mode, but you miss most of the AIX-specific user attributes. This schema works with RFC 2307AIX mode in AIX. Some modifications had to be made, mainly because boolean attributes don’t work well between OpenLDAP and AIX. I don’t know if AIX or OpenLDAP is more RFC compliant, but it’s broken. So those are converted to text attributes, and they seem to work well.

This schema is provided as-is; if it breaks free and destroys your world, it’s not my fault. If you fix anything broken, please send me the changes.

rfc2307aix


  1. This seems seriously useful. Right now I’m trying to add rfc2307aix to the only functional packaged OpenLDAP I could find for AIX 6.1 (namely pware53-64.openldap.rte 2.4.17.0).

    I’ve found out that as a prerequisite you need RFC2307 as defined in the nis.schema. This in turn depends on core.schema, cosine.schema and inetorgperson.schema.

  2. Ah, at last, I found this post again. You have a few useful tips for my school project. Now, I won’t forget to bookmark it. 🙂

  3. Just a heads up, some of the attributes listed begin with: attributetypes:
    Newer versions of OpenLDAP give an error of: Old attribute type not supported.
    Need to be changed to:
    attributetype

    Thanks!
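
Both schema issues raised on this page, the `attributetypes:` keyword from comment 3 and the Boolean attributes from the post, can be checked before a schema file is loaded. This is an added example, not code from the post or its commenters: the function names are hypothetical, the sample schema with its attribute names and OIDs is constructed, and the `objectclasses:` to `objectclass` rewrite goes beyond what the comment mentions.

```python
import re

BOOLEAN_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.7"  # LDAP Boolean syntax OID
KEYWORDS = {"attributetypes": "attributetype", "objectclasses": "objectclass"}
OLD_PREFIX = re.compile(r"^(attributetypes|objectclasses):\s*", re.IGNORECASE)

# Constructed sample, NOT the real rfc2307aix schema: the attribute names are
# invented and the OIDs are made-up values under 1.1.
SAMPLE = """\
# constructed example
attributetypes: ( 1.1.2.1.1 NAME 'exampleAccountLocked'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetypes: ( 1.1.2.1.2 NAME 'exampleLoginShell'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclasses: ( 1.1.2.2.1 NAME 'exampleAixUser' SUP top AUXILIARY
  MAY ( exampleAccountLocked $ exampleLoginShell ) )
"""

def convert_schema(text):
    """Rewrite old-style keywords; return (new_text, lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        m = OLD_PREFIX.match(line)
        if m:  # continuation lines (leading whitespace) pass through untouched
            line = KEYWORDS[m.group(1).lower()] + " " + line[m.end():]
            changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed

def definitions(text):
    """Join continuation lines so each definition is one string."""
    logical = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line.strip():
            logical.append(line.strip())
    return [d for d in logical if not d.startswith("#")]

def boolean_attributes(text):
    """Names of attribute types that still use the Boolean syntax."""
    pattern = re.compile(r"SYNTAX\s+" + re.escape(BOOLEAN_SYNTAX) + r"(?![\d.])")
    names = []
    for d in definitions(text):
        if d.lower().startswith("attributetype") and pattern.search(d):
            m = re.search(r"NAME\s+'([^']+)'", d)
            names.append(m.group(1) if m else d)
    return names
```

Running `convert_schema` on a schema file's text and then `boolean_attributes` on the result lists the attributes that would still need the text-attribute conversion the post describes.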