The Reveal Platform requires the following attributes to be present on user entries in order to import users:

  • sAMAccountName
  • objectSID
  • UserPrincipalName


OpenLDAP does not ship the schemas that define these attributes by default. This article describes the steps needed to add them.


The MS AD specific schemas can be acquired from:


There are a number of schema files, but only three are of interest:

  • microsoftobjectclass.schema

  • microsoftattributetypestd.schema

  • microsoftattributetype.schema


Copy all three schema files to your schema directory (e.g. /etc/ldap/schema). A few edits are then needed in two of the files to remove attribute definitions that duplicate ones already provided by the standard OpenLDAP schemas; left in place, they cause slaptest to fail with duplicate attributeType errors:


In microsoftattributetype.schema:

Comment out the following attributetype definitions (they are already defined in cosine.schema):

attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
DESC 'RFC1274: home postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch

attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC 'RFC1274: personal title'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX{256} )

attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'


In microsoftobjectclass.schema, extend the attribute list at the end of the user object class definition:

After mS-DS-CreatorSID, append  $ mail $ givenName  so that the end of the list reads:

mS-DS-CreatorSID $ mail $ givenName


In microsoftattributetypestd.schema:

Comment out the following attributetype definitions (also already defined in cosine.schema):

attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
DESC 'RFC1274: DN of manager'
EQUALITY distinguishedNameMatch

attributetype ( 0.9.2342.19200300.100.1.20
NAME ( 'homePhone' 'homeTelephoneNumber' )

attributetype ( 0.9.2342.19200300.100.1.41
NAME ( 'mobile' 'mobileTelephoneNumber' )

attributetype ( 0.9.2342.19200300.100.1.42
NAME ( 'pager' 'pagerTelephoneNumber' )


Once the files are edited and saved, create a new file in the tmp directory (vim /tmp/ava.conf) and enter the following lines in exactly this order (ordering is important, because later schemas reference attributes defined in earlier ones):

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/microsoftattributetype.schema
include /etc/ldap/schema/microsoftattributetypestd.schema
include /etc/ldap/schema/microsoftobjectclass.schema

Create the output directory in /tmp (mkdir -p /tmp/ava.d)

and run the following command:

prompt$> slaptest -f /tmp/ava.conf -F /tmp/ava.d

This command should print "config file testing succeeded".

You'll then need to make minor edits to the generated files:

vim /tmp/ava.d/cn\=config/cn\=schema/cn\=\{6\}microsoftattributetype.ldif

The top 3 uncommented lines should be:

dn: cn=microsoftattributetype,cn=schema,cn=config

objectClass: olcSchemaConfig

cn: microsoftattributetype



vim /tmp/ava.d/cn\=config/cn\=schema/cn\=\{7\}microsoftattributetypestd.ldif


The top 3 uncommented lines should be:

dn: cn=microsoftattributetypestd,cn=schema,cn=config

objectClass: olcSchemaConfig

cn: microsoftattributetypestd




vim /tmp/ava.d/cn\=config/cn\=schema/cn\=\{8\}microsoftobjectclass.ldif


The top 3 uncommented lines should be:

dn: cn=microsoftobjectclass,cn=schema,cn=config

objectClass: olcSchemaConfig

cn: microsoftobjectclass


Also delete the following lines from the bottom of each of the three files:








Last step: add the edited files to the running LDAP configuration, in the same order:

prompt$> sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ava.d/cn\=config/cn\=schema/cn\=\{6\}microsoftattributetype.ldif

prompt$> sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ava.d/cn\=config/cn\=schema/cn\=\{7\}microsoftattributetypestd.ldif

prompt$> sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/ava.d/cn\=config/cn\=schema/cn\=\{8\}microsoftobjectclass.ldif

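The post-processing of the generated LDIF files described above (fixing the top three lines and deleting the operational attributes at the bottom) can be scripted so that it is applied identically to all three files and checked before anything is loaded into cn=config. The following is an added example, not part of this article or of the Reveal Platform; it assumes the file layout the article uses (/tmp/ava.d/cn=config/cn=schema/cn={N}name.ldif, with indices 6, 7 and 8 following from the include order in /tmp/ava.conf), that slaptest writes the dn: and cn: values with a "{N}" index prefix, and that the lines to delete at the bottom of each file are the operational attributes slaptest emits (structuralObjectClass through modifyTimestamp); the sample input and its OID are constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the original article): post-process the cn=config
# LDIF files written by slaptest and load them with ldapadd, as the article
# describes. Assumptions (mine): the {N} index prefix on dn:/cn:, and the set
# of operational attributes that slaptest appends to each file.

# Write the temporary slapd.conf listing the schemas in the article's order;
# ordering matters because later schemas reference earlier attribute types.
write_ava_conf() {
    conf="$1"; schema_dir="${2:-/etc/ldap/schema}"
    : > "$conf"
    for s in core cosine inetorgperson openldap nis misc \
             microsoftattributetype microsoftattributetypestd microsoftobjectclass; do
        printf 'include %s/%s.schema\n' "$schema_dir" "$s" >> "$conf"
    done
}

# Rewrite one generated file: drop the {N} index from dn: and cn:, add the
# cn=schema,cn=config suffix, and strip the operational attributes at the
# bottom (assumed list) which the server would refuse on ldapadd.
fix_schema_ldif() {
    src="$1"; name="$2"; dst="$3"
    sed -e "s/^dn: cn={[0-9]*}$name\$/dn: cn=$name,cn=schema,cn=config/" \
        -e "s/^cn: {[0-9]*}$name\$/cn: $name/" \
        -e '/^structuralObjectClass: /d' \
        -e '/^entryUUID: /d' \
        -e '/^creatorsName: /d' \
        -e '/^createTimestamp: /d' \
        -e '/^entryCSN: /d' \
        -e '/^modifiersName: /d' \
        -e '/^modifyTimestamp: /d' \
        "$src" > "$dst"
}

# Verify the first three uncommented lines are exactly what the article
# requires; returns non-zero so a caller can stop before running ldapadd.
check_schema_ldif() {
    file="$1"; name="$2"
    expected="dn: cn=$name,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: $name"
    actual=$(grep -v '^#' "$file" | head -n 3)
    [ "$actual" = "$expected" ]
}

# Constructed stand-in for a slaptest-generated file (placeholder OID and
# attribute name), so the functions above can be exercised offline.
make_sample_ldif() {
    cat > "$1" <<'EOF'
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 00000000
dn: cn={6}microsoftattributetype
objectClass: olcSchemaConfig
cn: {6}microsoftattributetype
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1 NAME 'exampleAttr' DESC 'construc
 ted sample attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20240101000000Z
entryCSN: 20240101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20240101000000Z
EOF
}

# Fix, check and load the three files in order over ldapi:/// with SASL
# EXTERNAL (as in the article), then confirm they are present in cn=config.
# Run this on the LDAP host; it is deliberately not invoked at file scope.
load_ms_schemas() {
    gen="${1:-/tmp/ava.d/cn=config/cn=schema}"
    i=6
    for name in microsoftattributetype microsoftattributetypestd microsoftobjectclass; do
        fix_schema_ldif "$gen/cn={$i}$name.ldif" "$name" "/tmp/$name.ldif"
        check_schema_ldif "/tmp/$name.ldif" "$name" \
            || { echo "unexpected header in /tmp/$name.ldif" >&2; return 1; }
        sudo ldapadd -Y EXTERNAL -H ldapi:/// -f "/tmp/$name.ldif" || return 1
        i=$((i + 1))
    done
    # cn values in cn=config carry an {N} prefix, hence the leading wildcard.
    sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
        '(cn=*microsoft*)' dn
}
```

Source the file and call `load_ms_schemas` on the directory server once slaptest has succeeded; the final ldapsearch should list the three microsoft* entries under cn=schema,cn=config, which is the check to run before pointing the Reveal Platform at the directory.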

Note: the ldapadd commands above connect over the local ldapi:/// socket; make sure that URI is not commented out in /etc/ldap/ldap.conf.