Gluu LDAP Schema#

Below are the schemes for OpenDJ:

OpenDJ

Note

This section of the documentation is for reference only. Schemas should not be manually edited.

The below objectclasses and attributes are extracted from Gluu Specific Schemas.

pairwiseIdentifier#

oxId: Identifier
oxSectorIdentifier: ox Sector Identifier

gluuPerson#

oxAssociatedClient (or) associatedClient: Associate the dn of an OAuth2 client with a person or UMA Resource Set.
c
displayName
givenName
gluuManagedOrganizations: Used to track with which organizations a person is associated
gluuOptOuts: White pages attributes restricted by person in oxTrust profile management
gluuStatus: Status of the entry, used by many objectclasses
gluuWhitePagesListed: Allow Publication
iname
inum: XRI i-number
mail
gluuSLAManager: Specifies if the person has the SLA manager role
memberOf
o
oxAuthPersistentJWT: oxAuth Persistent JWT
oxCreationTimestamp: Registration time
oxExternalUid
oxLastLogonTime: Last logon time
oxTrustActive
oxTrustAddresses
oxTrustEmail
oxTrustEntitlements
oxTrustExternalId
oxTrustImsValue
oxTrustMetaCreated
oxTrustMetaLastModified
oxTrustMetaLocation
oxTrustMetaVersion
oxTrustNameFormatted
oxTrustPhoneValue
oxTrustPhotos
oxTrustProfileURL
oxTrustRole
oxTrustTitle
oxTrustUserType
oxTrusthonorificPrefix
oxTrusthonorificSuffix
oxTrustx509Certificate
oxPasswordExpirationDate: Password Expiration date, represented as an ISO 8601 (YYYY-MM-DD) format
persistentId: PersistentId
middleName (or) oxTrustMiddleName: Middle name(s)
nickname (or) oxTrustnickname: Casual name of the End-User
preferredUsername: Shorthand Name
profile: Profile page URL of the person
picture (or) photo1: Profile picture URL of the person
website: Web page or blog URL of the person
emailVerified: True if the e-mail address of the person has been verified; otherwise false
gender: Gender of the person, either female or male
birthdate: Birthday of the person, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format
zoneinfo (or) timezone: Time zone database representing the End-Users time zone. For example, Europe/Paris or America/Los_Angeles
locale (or) oxTrustLocale: Locale of the person, represented as a BCP47 [RFC5646] language tag
phoneNumberVerified: True if the phone number of the person has been verified, otherwise false
address: OpenID Connect formatted JSON object representing the address of the person
updatedAt: Time the information of the person was last updated. Seconds from 1970-01-01T0:0:0Z
preferredLanguage
role: Role
secretAnswer: Secret Answer
secretQuestion: Secret Question
seeAlso
sn
cn
transientId: TransientId
uid
userPassword
st
street
l
oxCountInvalidLogin: Invalid login attempts count
oxEnrollmentCode: oxEnrollmentCode
gluuIMAPData: This data has information about your IMAP connection
oxPPID: Persistent Pairwise ID for OpenID Connect

gluuGroup#

c
description
displayName
gluuGroupType: Type of Group. Not used.
gluuGroupVisibility: Group visibility. Not used.
gluuStatus: Status of the entry, used by many objectclasses
iname
inum: XRI i-number
member
o
owner
seeAlso
oxTrustMetaCreated
oxTrustMetaLastModified
oxTrustMetaLocation
oxTrustMetaVersion

gluuOrganization#

c
county: ISO 3166-1 Alpha-2 Country Code
deployedAppliances: Track which appliances are deployed at an organization.
description
displayName
gluuAddPersonCapability: Organizational attribute to control whether new users can be added via the oxTrust GUI.
gluuAdditionalUsers:
gluuApplianceUpdateRequestList (or) gluuApplianceUpdateReuestList: Used by the Gluu Server to request an update
gluuCustomMessage: oxTrust custom welcome message
gluuFaviconImage: Stores URL of Favicon
gluuFederationHostingEnabled: oxTrust flag for the federation feature. Values enabled or disabled.
gluuInvoiceNo:
gluuLogoImage: Logo used by oxTrust for default look and feel.
gluuManageIdentityPermission:
gluuManager: Used to specify if a person has the manager role
gluuManagerGroup: Used in organization entry to specifies the DN of the group that has admin priviledges in oxTrust.
gluuOrgProfileMgt: enable or disable profile management feature in oxTrust
gluuOrgShortName: Short description, as few letters as possible, no spaces.
gluuPaidUntil:
gluuPaymentProcessorTimestamp:
gluuProStoresUser:
gluuStatus: Status of the entry, used by many objectclasses
gluuTempFaviconImage: Store location for upload of Favicon
gluuThemeColor: oxTrust login page configuration
gluuWhitePagesEnabled
iname
inum: XRI i-number
l
mail
memberOf
nonProfit:
o
oxCreationTimestamp: Registration time
oxLinkLinktrack: Linktrack link
oxLinktrackEnabled: Is Linktrack API configured?
oxLinktrackLogin: Linktrack API login
oxLinktrackPassword: Linktrack API password
oxRegistrationConfiguration: Registration Configuration
postalCode
proStoresToken
prostoresTimestamp
scimAuthMode: SCIM Authorization mode
scimGroup: SCIM Group
scimStatus: SCIM status
st
street
telephoneNumber
title
uid
userPassword

gluuAppliance#

blowfishPassword: Blowfish crypted text
c
description
displayName
gluuAdditionalBandwidth: Track bandwidth requirements for the Gluu Server instance
gluuAdditionalMemory: Track additional memory requirements for the Gluu Server instance
gluuApplianceDnsServer: Persist the DNS server that should be used for the Gluu Server instance
gluuAppliancePollingInterval: Set the frequency of the health status update of the Gluu Server
gluuBandwidthRX: Track data received by the Gluu Server
gluuBandwidthTX: Track data sent by the Gluu Server
gluuDSstatus: Monitor health of the instance LDAP server.
gluuFederationHostingEnabled: oxTrust flag for the federation feature. Values enabled or disabled.
gluuFreeDiskSpace: Monitor free disk space on the Gluu Server instance
gluuFreeMemory: Monitor free memory on the Gluu Server instance
gluuFreeSwap: Monitor swap space on the Gluu Server instance
gluuGroupCount: Monitor the number of groups
gluuHTTPstatus: Monitor HTTP availability of the Gluu Server instance
gluuHostname: The hostname of the Gluu Server instance
gluuInvoiceNo:
gluuIpAddress: IP address of the Gluu Server instance
gluuLastUpdate: Monitors last time the server was able to connect to the monitoring system
__gluuLifeRay:
gluuLoadAvg: Monitor the average CPU load for a Gluu Server instance
gluuManageIdentityPermission:
gluuManager: Used to specify if a person has the manager role
gluuMaxLogSize: Maximum Log File Size
gluuOrgProfileMgt: enable or disable profile management feature in oxTrust
gluuPaidUntil:
gluuPaymentProcessorTimestamp:
gluuPersonCount: Monitor the number of people in the LDAP severs for a Gluu Server instance
gluuPrivate:
gluuPublishIdpMetadata: Gluu Server flag to publish the IDP metadata via the web server
gluuResizeInitiated:
gluuSPTR:
gluuScimEnabled: oxTrust SCIM feature - enabled or disabled
gluuShibAssertionsIssued: Monitors activity of Gluu Server Shibboleth IDP
gluuShibFailedAuth: Monitors failed login attempts on Gluu Server Shibboleth IDP
gluuShibSecurityEvents: Monitors security events on Gluu Server Shibboleth IDP
gluuShibSuccessfulAuths: Monitors login attempts on Gluu Server Shibboleth IDP
oxTrustEmail
gluuSmtpFromEmailAddress: Gluu Server SMTP configuration
gluuSmtpFromName: SMTP From Name
gluuSmtpHost: SMTP Host
gluuSmtpPassword: SMTP User Password
gluuSmtpPort: SMTP Port
gluuSmtpRequiresAuthentication: SMTP Requires Authentication
gluuSmtpRequiresSsl: SMTP Requires SSL
gluuSmtpUserName: SMTP User Name
gluuSslExpiry: SAML Trust Relationship configuration
gluuStatus: Status of the entry, used by many objectclasses
gluuSystemUptime: Monitors how long the Gluu Server instance has been running.
gluuTargetRAM: Monitors total available RAM on Gluu Server instance
gluuUrl: Gluu instance URL
gluuVDSenabled: oxTrust VDS enabled or disabled
gluuVDSstatus: Gluu VDS configuration
gluuVdsCacheRefreshEnabled
gluuVdsCacheRefreshLastUpdate
gluuVdsCacheRefreshLastUpdateCount
gluuVdsCacheRefreshPollingInterval
gluuVdsCacheRefreshProblemCount
gluuWhitePagesEnabled
iname
inum: XRI i-number
inumFN: XRI i-number sans punctuation
o
oxAuthenticationMode
oxTrustAuthenticationMode
oxIDPAuthentication: Custom IDP authentication configuration
oxLogViewerConfig: Log viewer configuration
oxSmtpConfiguration: SMTP configuration
oxMemcachedConfiguration: Memcached configuration
oxTrustStoreCert: oxPush device configuration
oxTrustStoreConf: oxPush application configuration
passwordResetAllowed: Is password reset mechanics allowed
softwareVersion
userPassword
oxTrustCacheRefreshServerIpAddress
gluuPassportEnabled

gluuAttribute#

description
displayName
gluuAttributeEditType: Specify in oxTrust who can update an attribute, admin or user
gluuAttributeName: Specify an identifier for an attribute. May be multi-value where an attribute has two names, like givenName and first-name.
gluuAttributeOrigin: Specify the person objectclass associated with the attribute, used for display purposes in oxTrust.
gluuAttributeSystemEditType:
gluuAttributeType: Data type of attribute. Values can be string, photo, numeric, date
oxAuthClaimName: Used by oxAuth in conjunction with gluuttributeName to map claims to attributes in LDAP.
gluuAttributeUsageType:
gluuAttributeViewType: Specify in oxTrust who can view an attribute, admin or user
gluuCategory: Used to group attributes together.
gluuSAML1URI: SAML 1 URI of attribute
gluuSAML2URI: SAML 2 URI of attribute
gluuStatus: Status of the entry, used by many objectclasses
iname
inum: XRI i-number
oxAttributeType: NameId or attribute
oxMultivaluedAttribute
oxNameIdType: NameId Type
oxSCIMCustomAttribute
oxSourceAttribute: Source Attribute for this Attribute
seeAlso
urn
gluuRegExp: Regular expression used to validate attribute data
gluuTooltip: Custom tooltip to be shown on the UI
oxValidation: This data has information about attribute Validation

gluuSAMLconfig#

description
displayName
federationRules: Track rules for the federation in Gluu SAML config. Deprecated as multi-party federation management should move to Jagger.
gluuContainerFederation: SAML Trust Relationship federation info
gluuEntityId: Specifies SAML trust relationship entity ID
gluuIsFederation: Used in oxTrust to specify if a SAML Trust Relationship is a federation. It could also be a website
gluuProfileConfiguration: SAML Trust Relationship attribute
gluuReleasedAttribute: oxTrust reference for the dn of the released attribute
gluuRulesAccepted:
gluuSAMLMetaDataFilter: Metadata filter in SAML trust relationship
gluuSAMLTrustEngine: SAML trust relationship configuration
gluuSAMLmaxRefreshDelay: SAML trust relationship refresh time
gluuSAMLspMetaDataFN: SAML Trust Relationship file location of metadata
gluuSAMLspMetaDataSourceType: SAML Trust Relationship SP metadata type - file, URI, federation
gluuSAMLspMetaDataURL: SAML Trust Relationship URI location of metadata
gluuSpecificRelyingPartyConfig: SAML Trust Relationship configuration
gluuStatus: Status of the entry, used by many objectclasses
gluuTrustContact: oxTrust login page configuration
gluuTrustDeconstruction:
gluuValidationLog
gluuValidationStatus
iname
inum: XRI i-number
o
oxAuthPostLogoutRedirectURI: oxAuth Post Logout Redirect URI
url
researchAndScholarshipEnabled: Trust relationship attribute to show that InCommon R&S activated
gluuEntityType: This data has information about TR EntityType

gluuInumMap#

gluuStatus: Status of the entry, used by many objectclasses
inum: XRI i-number
primaryKeyAttrName: Primary Key Attribute Name
primaryKeyValue: Primary Key Value
secondaryKeyAttrName: Secondary Key Attribute Name
secondaryKeyValue: Secondary Key Value
tertiaryKeyAttrName: Tertiary Key Attribute Name
tertiaryKeyValue: Tertiary Key Value

gluuInvoice#

gluuInvoiceAmount:
gluuInvoiceDate:
gluuInvoiceLineItemName:
gluuInvoiceNumber:
gluuInvoiceProductNumber:
gluuInvoiceQuantity:
gluuInvoiceStatus:
inum: XRI i-number

gluuPasswordResetRequest#

creationDate: Creation Date used for password reset requests
oxGuid: A random string to mark temporary tokens
personInum: Inum of a person

oxLink#

description
oxGuid: A random string to mark temporary tokens
oxLinkCreator: Link Creator
oxLinkExpirationDate: Link Expiration Date
oxLinkLinktrack: Linktrack link
oxLinkModerated: Is Link Moderated?
oxLinkModerators: Link Moderators
oxLinkPending: Pending Registrations

vdapcontainer#

ou

vdDirectoryView#

o

vdlabel#

o

oxEntry#

displayName
iname
inum: XRI i-number

oxNode#

organizationalOwner: OX organizationalOwner
owner
sourceRelationalXdiStatement: OX SourceRelationalXdiStatement
targetRelationalXdiStatement: OX TargetRelationalXdiStatement
x: OX XRI Component
xdiStatement: OX xdiStatement
xri: OX XRI address

oxAuthClient#

associatedPerson: Reference the DN of a person.
displayName
inum: XRI i-number
oxAuthAppType: oxAuth App Type
oxAuthClientIdIssuedAt: oxAuth Client Issued At
oxAuthClientSecret: oxAuth Client Secret
oxAuthClientSecretExpiresAt: Date client expires
oxAuthClientURI: oxAuth Client URI
oxAuthContact: oxAuth Contact
oxAuthDefaultAcrValues: oxAuth Default Acr Values
oxAuthDefaultMaxAge: oxAuth Default Max Age
oxAuthGrantType: oxAuth Grant Type
oxAuthIdTokenEncryptedResponseAlg: oxAuth ID Token Encrypted Response Alg
oxAuthIdTokenEncryptedResponseEnc: oxAuth ID Token Encrypted Response Enc
oxAuthIdTokenSignedResponseAlg: oxAuth ID Token Signed Response Alg
oxAuthInitiateLoginURI: oxAuth Initiate Login URI
oxAuthJwksURI: oxAuth JWKs URI
oxAuthJwks: oxAuth JWKs
oxAuthLogoURI: oxAuth Logo URI
oxAuthPolicyURI: oxAuth Policy URI
oxAuthPostLogoutRedirectURI: oxAuth Post-Logout Redirect URI
oxAuthRedirectURI: oxAuth Redirect URI
oxAuthRegistrationAccessToken: oxAuth Registration Access Token
oxAuthRequestObjectSigningAlg: oxAuth Request Object Signing Alg
oxAuthRequestObjectEncryptionAlg: oxAuth Request Object Encryption Alg
oxAuthRequestObjectEncryptionEnc: oxAuth Request Object Encryption Enc
oxAuthRequestURI: oxAuth Request URI
oxAuthRequireAuthTime: oxAuth Require Authentication Time
oxAuthResponseType: oxAuth Response Type
oxAuthScope: oxAuth Attribute Scope
oxAuthSectorIdentifierURI: oxAuth Sector Identifier URI
oxAuthSignedResponseAlg: oxAuth Signed Response Alg
oxAuthSubjectType: oxAuth Subject Type
oxAuthTokenEndpointAuthMethod: oxAuth Token Endpoint Auth Method
oxAuthTokenEndpointAuthSigningAlg: oxAuth Token Endpoint Auth Signing Alg
oxAuthTosURI: oxAuth TOS URI
oxAuthTrustedClient: oxAuth Trusted Client
oxAuthUserInfoEncryptedResponseAlg: oxAuth User Info Encrypted Response Alg
oxAuthUserInfoEncryptedResponseEnc: oxAuth User Info Encrypted Response Enc
oxAuthExtraConf: oxAuth additional configuration
oxLastAccessTime: Last access time
oxLastLogonTime: Last logon time
oxPersistClientAuthorizations: ox Persist Client Authorizations
oxAuthLogoutURI: oxAuth Policy URI
oxAuthLogoutSessionRequired: oxAuth Policy URI

oxAuthCustomScope#

defaultScope: Track the default scope for an custom OAuth2 Scope.
description
displayName
inum: XRI i-number
oxScopeType: OX Attribute Scope type
oxAuthClaim: oxAuth Attribute Claim
oxScriptDn: Script object DN
oxAuthGroupClaims: oxAuth Group Attribute Claims (true or false)

oxAuthSessionId#

oxLastAccessTime: Last access time
oxAuthAuthenticationTime: oxAuth Authentication Time
oxAuthPermissionGranted: oxAuth Permission Granted
oxAuthPermissionGrantedMap: oxAuth Permission Granted Map
oxAuthUserDN: oxAuth User DN
oxAuthSessionId: oxAuth Session Id
oxState: oxState
oxAuthSessionAttribute: oxAuthSessionAttribute
oxAsJwt: Boolean field to indicate whether object is used as JWT
oxJwt: JWT representation of the object or otherwise JWT associated with the object
oxInvolvedClients: Involved clients

oxAuthConfiguration#

ou
oxAuthConfDynamic: oxAuth Dynamic Configuration
oxAuthConfErrors: oxAuth Errors Configuration
oxAuthConfStatic: oxAuth Static Configuration
oxAuthConfWebKeys: oxAuth Web Keys Configuration
oxRevision: Revision

oxTrustConfiguration#

ou
oxTrustConfApplication: oxTrust Application Configuration
oxTrustConfCacheRefresh: oxTrust Cache Refresh Configuration
oxRevision: Revision
oxTrustConfImportPerson: oxTrust Import Person Configuration

oxApplicationConfiguration#

ou
oxConfApplication: ox Application Configuration
oxRevision: Revision

oxAuthUmaResourceSet#

displayName
inum: XRI i-number
owner
oxAssociatedClient (or) associatedClient: Associate the dn of an OAuth2 client with a person or UMA Resource Set.
oxAuthUmaScope: URI reference of scope descriptor
oxFaviconImage: URI for a graphic icon
oxGroup: User group
oxId: Identifier
oxResource: Host path
oxRevision: Revision
oxType: ox type
oxUrl: ox URL

oxAuthUmaScopeDescription#

displayName
inum: XRI i-number
owner
oxFaviconImage: URI for a graphic icon
oxIconUrl: ox icon url
oxId: Identifier
oxPolicyRule: Policy Rule
oxPolicyScriptDn: OX policy script Dn
oxRevision: Revision
oxType: ox type
oxUrl: ox url

oxAuthUmaResourceSetPermission#

oxAmHost: am host
oxAuthExpiration: oxAuth Expiration
oxAuthUmaScope: URI reference of scope descriptor
oxConfigurationCode: ox configuration code
oxHost: ox host
oxResourceSetId: ox resource set ID
oxTicket: ox ticket

oxAuthGrant#

oxAuthGrantId: oxAuth grant id
oxAuthCreation: oxAuth Creation

oxAuthToken#

oxAuthAuthenticationTime: oxAuth Authentication Time
oxAuthAuthorizationCode: oxAuth authorization code
oxAuthCreation: oxAuth Creation
oxAuthExpiration: oxAuth Expiration
oxAuthGrantId: oxAuth grant ID
oxAuthGrantType: oxAuth Grant Type
oxAuthJwtRequest: oxAuth JWT Request
oxAuthNonce: oxAuth nonce
oxAuthScope: oxAuth Attribute Scope
oxAuthTokenCode: oxAuth Token Code
oxAuthTokenType: oxAuth Token Type
oxAuthUserId: oxAuth user ID
oxAuthClientId: oxAuth Client ID
oxAuthenticationMode
uniqueIdentifier
oxCodeChallenge: OX PKCE code challenge
oxCodeChallengeMethod: OX PKCE code challenge method
oxAuthSessionDn: oxAuth Session DN

oxAuthUmaRPT#

oxAmHost: am host
oxAuthAuthenticationTime: oxAuth Authentication Time
oxAuthClientId: oxAuth Client id
oxAuthCreation: oxAuth Creation
oxAuthExpiration: oxAuth Expiration
oxAuthTokenCode: oxAuth Token Code
oxAuthUserId: oxAuth user ID
oxUmaPermission: ox UMA permission
uniqueIdentifier

oxLiteralNode#

literalBinaryValue: ox literalValue
literalValue: ox literalValue
organizationalOwner: ox organizationalOwner
owner
targetRelationalXdiStatement: ox TargetRelationalXdiStatement
x: ox XRI Component
xdiStatement: ox xdiStatement
xri: ox XRI address

oxProxConfiguration#

ou
oxProxConf: oxProx Configuration
oxScriptDn: Script object DN

oxProxOp#

c
displayName
inum: XRI i-number
l
oxDomain: domain
oxId: Identifier
oxX509PEM: x509 in PEM format
oxX509URL: x509 URL

oxProxClient#

displayName
inum: XRI i-number
oxProxyClaimMapping: oxProx claim mapping
oxProxyScope: oxProx scope
oxProxyToOpClientMapping: oxProx client mapping to op client

oxProxAccessToken#

oxAuthCreation: oxAuth Creation
oxAuthExpiration: oxAuth Expiration
oxProxyAccessToken: oxProx access token
oxProxyClientId: oxProx client id

oxScript#

inum: XRI i-number
oxScript: Attribute that contains script (python, java script)
oxScriptType: Attribute that contains script type (e.g. python, java script)

oxPushApplication#

displayName
oxId: Identifier
oxName: Name
oxPushApplicationConf: oxPush application configuration

oxPushDevice#

oxAuthUserId: oxAuth user id
oxId: Identifier
oxPushApplication: oxPush application DN
oxPushDeviceConf: oxPush device configuration
oxType: ox type

oxCustomScript#

inum: XRI i-number
displayName
description
oxScript: Attribute that contains script (python, java script)
oxScriptType: Attribute that contains script type (e.g. python, java script)
programmingLanguage: programming language
oxModuleProperty: Module property
oxConfigurationProperty: Configuration property
oxLevel: Level
oxRevision: Revision
gluuStatus: Status of the entry, used by many objectclasses

oxDeviceRegistration#

oxId: Identifier
displayName
description
oxDeviceKeyHandle: oxDeviceKeyHandle
oxDeviceHashCode: oxDeviceHashCode
oxApplication: oxApplication
oxDeviceRegistrationConf: oxDeviceRegistrationConf
oxDeviceData: oxDeviceData
oxCounter: oxCounter
oxStatus: oxStatus
creationDate: Creation Date used for password reset requests
oxLastAccessTime: Last access time
oxTrustMetaLastModified
oxTrustMetaLocation
oxTrustMetaVersion

oxU2fRequest#

oxId: Identifier
oxRequestId: oxRequestId
oxRequest: oxRequest
oxSessionStateId: oxSessionStateId
personInum: Inum of a person
creationDate: Creation Date used for password reset requests

oxMetric#

uniqueIdentifier
oxStartDate: Start date
oxEndDate: End date
oxApplicationType: Application type
oxMetricType: Metric type
creationDate: Creation Date used for password reset requests
oxData: OX data

oxClientAuthorizations#

oxId: Identifier
oxAuthClientId: oxAuth Client id
oxAuthScope: oxAuth Attribute Scope

oxSectorIdentifier#

inum: XRI i-number
oxAuthRedirectURI: oxAuth Redirect URI
oxAuthClientId: oxAuth Client id

oxPassportConfiguration#

ou
gluuPassportConfiguration: oxTrust Passport Strategy Configuration
gluuStatus: Status of the entry, used by many objectclasses

oxShibbolethCASProtocolConfiguration#

ou
friendlyName: oxShibboleth friendlyName field
uniqueIdentifier
inum: XRI i-number
oxConfApplication: ox Application Configuration
oxRevision: Revision

Kubernetes example#

A common question using a custom LDAP schema in Gluu Server pods is when to mount the file and where to put it. This guide explains how to use custom schema in OpenDJ pods in various scenarios.

Adding Schema Before Deployment#

It is important to know that during the first deployment of the OpenDJ pod, files cannot be mounted to /opt/opendj/config or the installation will fail. Fortunately, during installation, OpenDJ will copy the schema from /opt/opendj/template/config/schema to the /opt/opendj/config/schema directory.

Below is an example of how to mount custom schema using kubernetes configmaps:

Create a config file to store the contents of the 78-myAttributes.ldif custom schema.

kubectl create cm opendj-custom-schema --from-file=78-myAttributes.ldif

Mount the schema (depending on deployment scenario) into the container:

apiVersion: v1
kind: StatefulSet
metadata:
  name: opendj
spec:
  containers:
    image: gluufederation/wrends:4.1.0_01
    volumeMounts:
      - name: opendj-schema-volume
        mountPath: /opt/opendj/template/config/schema/78-myAttributes.ldif
        subPath: 78-myAttributes.ldif
  volumes:
    - name: opendj-schema-volume
      configMap:
        name: opendj-custom-schema

As we can see, 78-myAttributes.ldif is mounted as /opt/opendj/template/config/schema/78-myAttributes.ldif inside the container, which eventually will be copied to /opt/opendj/config/schema/78-myAttributes.ldif automatically. This custom schema will be loaded by the OpenDJ server upon startup.

Adding Schema After Deployment#

In this scenario, we assume the pod has been running and we need to add a new schema named 79-otherAttributes.ldif.

    apiVersion: v1
    kind: StatefulSet
    metadata:
      name: opendj
    spec:
      containers:
        image: gluufederation/wrends:4.1.0_01
        volumeMounts:
          - name: opendj-schema-volume
            mountPath: /opt/opendj/config/schema/79-otherAttributes.ldif
            subPath: 79-otherAttributes.ldif
      volumes:
        - name: opendj-schema-volume
          configMap:
            name: opendj-custom-schema