Hey,
you can use your own schema extensions with a UCS LDAP server. The thing to look out for is that all LDAP schemas must be synced to all UCS servers in the domain, and it has to be done at specific points in time with respect to updating packages.
Fortunately UCS provides a way to register schema files so that all management will be done by UCS at the appropriate time. This is mostly done so that external packages like apps from the App Center can register their own extensions (e.g. the Zarafa App does that). However, you can use the same mechanism with your own file.
Fortunately you don’t have to write such a schema file yourself as the ssh-ldap-pubkey project provides one. Download it and store it somewhere on your DC Master server, e.g. as /usr/local/share/openssh-lpk.schema.
Next you’ll have to register that schema with the UCS system. Follow the developer documentation for adding schema extensions. You should be able to use the commands shown in Example 4.1, but replace the example app ID environment variable with something sensible.
I’ve just tried the following successfully:
wget -O /usr/local/share/openssh-lpk.schema https://github.com/jirutka/ssh-ldap-pubkey/raw/master/etc/openssh-lpk.schema
export UNIVENTION_APP_IDENTIFIER="sshldappubkey-1"
. /usr/share/univention-lib/ldap.sh
ucs_registerLDAPExtension --schema /usr/local/share/openssh-lpk.schema --packagename sshldappubkey --packageversion 1
Afterwards two things should be the case:
1. The schema file should have been copied to /var/lib/univention-ldap/openssl-lpk.schema.
2. The schema file should be included from /etc/ldap/slapd.conf.
Now you can set up your extended attribute just like you did before. Just use ldapPublicKey as the class and sshPublicKey as the LDAP attribute name instead of univentionFreeAttributes and univentionFreeAttribute1.
Kind regards,
mosu
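
The two post-registration conditions listed in the post can be checked with a small script. This is an added example, not part of the original post or of UCS; the function name check_schema and its two arguments (path to slapd.conf, basename of the schema file) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a registered
# schema is actually wired into slapd and defines the expected names.
# Usage: check_schema /etc/ldap/slapd.conf openssh-lpk.schema
# Returns 0 = ok, 1 = schema not active or incomplete, 2 = config unreadable.
check_schema() {
    conf=$1
    name=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Take the path from every active "include <path>" line whose basename
    # matches. Commented-out lines are skipped because their first field
    # is "#" or "#include", not "include".
    paths=$(awk -v n="$name" '
        $1 == "include" && NF >= 2 {
            p = $2; gsub(/"/, "", p)
            k = split(p, parts, "/")
            if (parts[k] == n) print p
        }' "$conf")
    [ -n "$paths" ] || { echo "no include line for $name in $conf" >&2; return 1; }

    # Assumes the included paths contain no whitespace.
    for p in $paths; do
        [ -r "$p" ] || { echo "included file missing: $p" >&2; return 1; }
        # The attribute and class names the post tells you to use afterwards.
        grep -Eqi "NAME +'sshPublicKey'" "$p" ||
            { echo "$p does not define sshPublicKey" >&2; return 1; }
        grep -Eqi "NAME +'ldapPublicKey'" "$p" ||
            { echo "$p does not define ldapPublicKey" >&2; return 1; }
    done
    echo "$name: included from $conf, defines sshPublicKey and ldapPublicKey"
    return 0
}

# Run directly when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_schema "$1" "$2"
fi
```

Running it on every UCS server in the domain shows whether the schema has been synced there as well.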