How To: Self Service for Extended LDAP Attributes

How to enable self service for extended attributes

Step 1

Create extended attributes according to our documentation.
In this article we use extended attributes to store public SSH keys.

Step 2 (UCS 4.4)

By default, these attributes are only writable by an administrator. To enable editing by users:

ucr set self-service/udm_attributes='jpegPhoto,e-mail,roomNumber,departmentNumber,country,homeTelephoneNumber,mobileTelephoneNumber,homePostalAddress,sshKey'
ucr set self-service/ldap_attributes='jpegPhoto,mail,roomNumber,departmentNumber,st,homePhone,mobile,homePostalAddress,univentionFreeAttribute1'
ucr set umc/self-service/profiledata/enabled='true'
systemctl restart univention-management-console-server.service

Step 2 (UCS 4.3)

To enable self service and allow users to edit their own extended attributes, add the following lines to /etc/univention/templates/files/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end:

print 'access to attrs=sshPublicKey,sshPublicKeyFingerprint,sshPublicKeyUpdatedAt,githubUsername,unixUsername'
print ' by users write'

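Note: The above changes for UCS 4.3 might get lost when upgrading UCS. You might need to re-apply them.

Note: In OpenLDAP ACL syntax, "users" matches every authenticated user, so the rule above lets any logged-in user write these attributes on every entry the rule applies to. "self" is the subject that limits write access to the owner of the entry.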
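A check for the UCS 4.3 rule above, as an added example that is not part of the original article or of UCS: it parses slapd access directives in a simplified form and lists the attributes for which a broad subject (users, anonymous, *) receives write access. The function names and the self-restricted comparison rule are constructed for illustration.

```python
import re

# Simplified model of slapd.conf "access to <what> by <who> <level>" rules.
WRITE_LEVELS = {"write", "add", "delete", "manage"}
BROAD_WHO = {"*", "anonymous", "users"}  # subjects wider than the entry owner

def join_continuations(text):
    """A slapd.conf line that starts with whitespace continues the previous one."""
    directives = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    return directives

def broad_write_grants(text):
    """Return (attribute, who) pairs where a broad subject may modify the attribute."""
    findings = []
    for directive in join_continuations(text):
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", directive)
        if not m:
            continue
        what, by_part = m.groups()
        attrs = re.search(r"attrs=(\S+)", what)
        names = attrs.group(1).split(",") if attrs else ["<whole entry>"]
        for clause in re.split(r"\s+by\s+", by_part):
            tokens = clause.split()
            if not tokens:
                continue
            who = tokens[0]
            level = tokens[1] if len(tokens) > 1 else ""
            if who in BROAD_WHO and level in WRITE_LEVELS:
                findings.extend((name, who) for name in names)
    return findings

# Rule as rendered by the two print statements in the article.
PAGE_ACL = """access to attrs=sshPublicKey,sshPublicKeyFingerprint,sshPublicKeyUpdatedAt,githubUsername,unixUsername
 by users write
"""
# Constructed variant for comparison: only the entry's owner may write.
SELF_ACL = "access to attrs=sshPublicKey\n    by self write\n    by users read\n"

if __name__ == "__main__":
    for label, acl in (("article rule", PAGE_ACL), ("self-restricted rule", SELF_ACL)):
        print(label, "->", broad_write_grants(acl) or "no broad write grants")
```

The parser does not handle quoted DNs containing " by " or privilege-style levels such as "=w"; it covers the plain who/level form used in the article.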
