Extending the LDAP schema to allow saving of security rights

In order to save IWS project security rights back to a Domain (LDAP) server, the server’s LDAP schema must be extended to contain the additional information.

The server must already be configured and running on your network, and you must have sufficient privileges to make changes to the server configuration.

In this procedure, you will create a new attribute called “proprietarySCADAInfo” to contain the IWS project security rights, and then you will add the attribute to the “person” and “group” classes in the server configuration. These classes correspond to users and groups in the project security system.

Please note this procedure only shows how to extend the schema in Microsoft Active Directory running on Windows Server 2003. The exact procedure is different for other LDAP servers and operating systems, but the basic steps should be essentially the same. Please consult your LDAP server documentation.

CAUTION:
Extending a server’s LDAP schema cannot be undone.
  1. Register the schema management DLL.
    1. Click Start > All Programs > Accessories > Command Prompt. A Command Prompt window is displayed.
    2. At the prompt, type cd %SystemRoot%System32 and then press Return. The working directory is changed.
    3. Type regsvr32 schmmgmt.dll and then press Return. If the DLL is successfully registered, then a confirmation message is displayed.
      Web Studio Help illus security extendingldap 02 Extending the LDAP schema to allow saving of security rights

    4. Click OK to dismiss the message.
    5. Close the Command Prompt window.
  2. Add the Active Directory Schema snap-in to the console root.
    1. Click Start > All Programs > Accessories > Run. A Run dialog is displayed.
    2. In the Open box, type mmc, and then click OK.
      Web Studio Help illus security extendingldap 03 Extending the LDAP schema to allow saving of security rights

      (If you have User Access Control (UAC) enabled, then you will be asked if you want to allow Microsoft Management Console to make changes. Click Yes.) A console window is displayed.

    3. In the console window, click File > Add/Remove Snap-in.
      Web Studio Help illus security extendingldap 04 Extending the LDAP schema to allow saving of security rights

      The Add/Remove Snap-in dialog is displayed.

    4. In the Snap-ins added to list, select Console Root, and then click Add. The Add Standalone Snap-in dialog is displayed.
    5. In the list of available snap-ins, select Active Directory Schema, and then and click Add.
      Web Studio Help illus security extendingldap 05 Extending the LDAP schema to allow saving of security rights

      The snap-in is added to Console Root.

    6. Click OK to close the Add/Remove Snap-in dialog.
  3. Create the proprietarySCADAInfo attribute in the Active Directory Schema snap-in.
    1. In the Console Root tree-view, expand Active Directory Schema.
      Web Studio Help illus security extendingldap 06 Extending the LDAP schema to allow saving of security rights

    2. Right-click Active Directory Schema > Attributes, and then click Create Attribute on the shortcut menu. A message is displayed explaining that your schema will be permanent changed.
    3. Click Continue. A Create New Attribute dialog is displayed.
    4. In the dialog, complete the fields as follows.
      • Common Name: proprietarySCADAInfo
      • LDAP Display Name: proprietarySCADAInfo
      • Unique X500 Object ID: 0.7.7777.77777777.777.7.7
        Note: An unique Object ID should be used.
      • Description: proprietarySCADAInfo
      • Syntax: Octect String
      • Minimum: 0
      • Maximum: 10240
      Web Studio Help illus security extendingldap 07 Extending the LDAP schema to allow saving of security rights

    5. Click OK to close the dialog.

    The proprietarySCADAInfo attribute is added to the list.

  4. Add the proprietarySCADAInfo attribute to the person and group classes.
    1. In the Console Root tree-view, select Active Directory Schema > Classes
      Web Studio Help illus security extendingldap 08 Extending the LDAP schema to allow saving of security rights

    2. In the list of classes, right-click person, and then click Properties on the shortcut menu. The Properties dialog is displayed.
    3. In the dialog, click the Attributes tab.
      Web Studio Help illus security extendingldap 09 Extending the LDAP schema to allow saving of security rights

    4. Click Add. The Select Schema Object dialog is displayed.
    5. In the list of schema objects, select proprietarySCADAInfo, and then click OK.
      Web Studio Help illus security extendingldap 10 Extending the LDAP schema to allow saving of security rights

      The attribute is added to the class properties.

    6. Click OK to close the Properties dialog.
    7. Repeat steps b through f for the group class.
  5. In the Console Root tree-view, right-click Active Directory Schema, and then click Refresh on the shortcut menu.
  6. Click File > Exit to close the console window.
  7. Restart the server.

Extending the LDAP schema to allow saving of security rights