I would like to integrate YubiKey token details within FreeIPA's LDAP (389 Directory Server)
I'm trying to follow those instructions to extend the LDAP schema with YubiKey information. The LDAP extensions don't work out of the box and I'm trying to correct them.
I have changed the attributeTypes and objectClasses definitions to
dn: cn=schema
#
attributeTypes: ( 1.3.6.1.4.1.40789.2012.11.1.2.1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 X-ORIGIN 'Example' )
objectClasses: ( 1.3.6.1.4.1.40789.2012.11.1.2.2 NAME 'yubiKeyUser' DESC 'Yubico YubiKey User' SUP top AUXILIARY MAY ( yubiKeyId ) X-ORIGIN 'Example' )
With those modifications, IPA is able to restart, but when I try to import a token ID with the command
ipa user-mod --addattr="objectClass=yubiKeyUser" --addattr="yubiKeyID=ccccc1234567" user1
I'm getting the following error: ipa: ERROR: yubiKeyId: value #0 invalid per syntax : invalid syntax.
I'm using CentOS Linux release 7.5.1804 and FreeIPA VERSION: 4.5.4, API_VERSION: 2.228.
Thank you for your help
There is a typo in the instructions you've chosen to follow, and the schema definition is incorrect. Replace it with this one, and things should work.
attributeTypes: ( 1.3.6.1.4.1.40789.2012.11.1.2.1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Example' )
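As an added check (this script is not part of the question or the answer, nor of FreeIPA or 389 Directory Server), here is a small Python program that parses an RFC 4512 attributeTypes definition and flags the mismatch behind the error above: the original definition used SYNTAX 1.3.6.1.4.1.1466.115.121.1.21, which in RFC 4517 is the Enhanced Guide syntax, while caseIgnoreIA5Match is only defined for IA5 String (1.3.6.1.4.1.1466.115.121.1.26). The OID and matching-rule tables are a subset constructed for the example, and the two definitions embedded are the ones posted in this thread.

```python
import re
from typing import Dict, List, Optional

# Well-known LDAP syntax OIDs from RFC 4517. This is a subset built for the
# example; it is not a table taken from FreeIPA or 389-ds.
SYNTAXES = {
    "1.3.6.1.4.1.1466.115.121.1.15": "Directory String",
    "1.3.6.1.4.1.1466.115.121.1.21": "Enhanced Guide",
    "1.3.6.1.4.1.1466.115.121.1.26": "IA5 String",
}

# Syntaxes each equality matching rule is defined for (RFC 4517, same subset).
EQUALITY_RULES = {
    "caseIgnoreIA5Match": {"1.3.6.1.4.1.1466.115.121.1.26"},
    "caseExactIA5Match": {"1.3.6.1.4.1.1466.115.121.1.26"},
    "caseIgnoreMatch": {"1.3.6.1.4.1.1466.115.121.1.15"},
}

# The two definitions from the thread: the asker's (wrong syntax OID) and the
# answer's corrected one (IA5 String).
BROKEN_DEFINITION = (
    "( 1.3.6.1.4.1.40789.2012.11.1.2.1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' "
    "EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 X-ORIGIN 'Example' )"
)
FIXED_DEFINITION = (
    "( 1.3.6.1.4.1.40789.2012.11.1.2.1 NAME 'yubiKeyId' DESC 'Yubico YubiKey ID' "
    "EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Example' )"
)


def parse_attribute_type(definition: str) -> Dict[str, Optional[str]]:
    """Extract the OID, first NAME, EQUALITY rule and SYNTAX OID from an
    RFC 4512 attributeTypes definition. Only the fields this check needs."""
    m = re.match(r"\s*\(\s*([\d.]+)\s+(.*)\)\s*$", definition, re.S)
    if not m:
        raise ValueError("not a parenthesised attributeTypes definition")
    oid, body = m.group(1), m.group(2)

    def field(pattern: str) -> Optional[str]:
        hit = re.search(pattern, body)
        return hit.group(1) if hit else None

    return {
        "oid": oid,
        # NAME may be one quoted name or a parenthesised list; take the first.
        "name": field(r"\bNAME\s+\(?\s*'([^']+)'"),
        "equality": field(r"\bEQUALITY\s+([A-Za-z][\w-]*)"),
        "syntax": field(r"\bSYNTAX\s+([\d.]+)"),
    }


def check_attribute_type(definition: str) -> List[str]:
    """Return the problems found (empty list means consistent): unknown syntax
    OID, unknown matching rule, or a matching rule applied to a syntax it is
    not defined for, which is exactly the mistake in the thread."""
    at = parse_attribute_type(definition)
    problems: List[str] = []
    syntax, rule = at["syntax"], at["equality"]

    if syntax is None:
        problems.append("no SYNTAX given")
    elif syntax not in SYNTAXES:
        problems.append(f"unknown syntax OID {syntax}")

    if rule is not None:
        allowed = EQUALITY_RULES.get(rule)
        if allowed is None:
            problems.append(f"unknown matching rule {rule}")
        elif syntax is not None and syntax not in allowed:
            problems.append(
                f"EQUALITY {rule} is not defined for syntax {syntax} "
                f"({SYNTAXES.get(syntax, 'unknown')}); expected one of "
                + ", ".join(sorted(allowed))
            )
    return problems


def value_is_ia5(value: str) -> bool:
    """IA5 String holds only 7-bit ASCII; the directory rejects anything else
    as 'invalid per syntax'."""
    return len(value) > 0 and all(ord(c) < 128 for c in value)


if __name__ == "__main__":
    for label, definition in (("asker's", BROKEN_DEFINITION), ("answer's", FIXED_DEFINITION)):
        problems = check_attribute_type(definition)
        print(f"{label} definition: {'OK' if not problems else '; '.join(problems)}")
    print("ccccc1234567 fits IA5 String:", value_is_ia5("ccccc1234567"))
```

Running the script reports the asker's definition as inconsistent and the answer's as OK, and confirms that a value such as ccccc1234567 is a valid IA5 String. Note that LDAP attribute descriptions are case-insensitive, so the yubiKeyID spelling used in the ipa user-mod command matches the yubiKeyId attribute defined in the schema.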