We wish to store some data in 389 Directory Server LDAP that doesn't fit that well into the standard set of schema's that come with the product. Nothing too amazing, things like:
- when the customer joined
- are they currently active
- customer certificate[1]
- which environment they are using
My question is this: should we register with OID and start writing up our own custom schema OR is there a standard schema definition not provided by Directory Server that we can download and use that would fit our needs? Should we munge/hack existing attributes and store the data among there (I'm strongly opposed to this, but would be interested in arguments about why its better than extending)?
[1] I know there is a field for this userCertificate but we don't want to use it to authenticate the user for the purposes of binding
Using CentOS 5.5 with 389 Directory Server 8.1
Unless there are existing ObjectClasses that have the attributes you want you need to extend your LDAP server's schema to support these new attributes in a sane way (preferable to munging/recycling existing attributes for new purposes, and more flexible).
If there are already ObjectClasses that meet your requirements it's better to make your entities members of all the ObjectClasses they need to be in to have the attributes you require.
If you are creating new fields/objects and your organization does not already have one you will need to register an Private Enterprise Number (http://pen.iana.org/pen/PenApplication.page) to put your LDAP OIDs under.
See your LDAP server's documentation for more information on extending the schema (For 389 Directory Server, the Deployment guide, section 3.4 is a good starting place).