Comments on: How on earth do I add OpenID to my LDAP schema
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/
Just another Cetis Blogs site
Mon, 22 Jun 2009 12:19:33 +0000

By: sam
Wed, 03 Dec 2008 13:59:28 +0000
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/#comment-603

And lo there are three radically different solutions!

@miles yes – labeledURI would be the least painful hack I can think of and is likely what I’ll actually do.

@brian I looked at RPX briefly the other week and it would potentially hit a lot of my needs. I’m going to have a bash with it on some of my more experimental sites and see how it fares :-)

@will the lack of published classes defining openid (and I had a bit of a look) was exactly why I wrote this post! Thanks for the pointer on custom objects, I’ll take a look at the docs. Still on balance I think an official published class would be oh-so-sensible.

Many thanks folks. Expect another post/update when I’ve got something working.

By: Miles Metcalfe
Tue, 25 Nov 2008 08:29:13 +0000
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/#comment-602

Why not use labeledURI? Is it that much of a hack? An OpenID is supposed to be a URL associated with a person, after all. Using, say, eduPersonEntitlement, now that would be a hack.

By: Will Norris
Tue, 25 Nov 2008 04:59:03 +0000
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/#comment-601

It is fairly common practice to use additional object classes to provide the additional attributes necessary for an institution. Particularly common in US higher education is eduPerson. Additionally, SCHAC seemed to have some adoption in Europe. In any event, LDAP entries can most certainly have multiple object classes. I’m not aware of any published object classes that define an OpenID attribute, but it might be worth a quick search. If not, I would recommend creating a simple local “person” object class that defines whatever additional attributes you need (like OpenID). OpenLDAP documentation should outline how to install and make use of such custom object classes.

By: Brian Kissel
Mon, 24 Nov 2008 15:57:44 +0000
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/#comment-600

Give JanRain’s RPX a try: http://rpxnow.com/get

There is a free version for smaller applications that might be a good fit for you. It can integrate with existing registration systems.

By: How on earth do I add OpenID to …
Mon, 24 Nov 2008 07:47:32 +0000
http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/#comment-599

[…] http://blogs.cetis.org.uk/sam/2008/11/24/how-on-earth-do-i-extend-an-ldap-schema/ asks Hoosgot, […]
