Creating custom user attribute on LDAP (LDS)

I am running a webapp that connects to LDAP (LDS). In the app, I need to check on the user class the value for the attribute userAc开发者_JS百科countControl.

In my installation my user class does not have such attribute, even though I imported the MS-User*.ldf files when creating my instance.

So, I need to create this attribute in the user class. I am using ADSI Edit to connect to my LDS instance, but it does not provide any facility to create new attributes. What should I do?

It's a two stage process, however you do it. First, you need to create the userAccountControl attribute. Then you need to add the name userAccountControl to the mayContain attribute on the user class.

You can create the userAccountControl attribute using LDIFDE or ADAM Schema Manager. ADAM Schema Manager gives you a GUI to do this work but has limited options. LDIFDE is a program you run against a text file. The nice thing about this is that you could run LDIFDE against your AD DS installation to export the userAccountControl attribute attributes [yes, I did mean to type it like that]. You can then remove the ones you don't need (e.g. the ones marked as systemOnly in the schema, for a start) and then import the modified file to your AD LDS instance. I can provide more info if it would help.