R – Modifying LDAP schema to support Cardspace and OpenID


I am seeking examples of how others have modified LDAP schemas to support Cardspace and/or OpenID. Links to LDIFs or other documentation are greatly appreciated.

Best Solution

Without having done an LDAP-InfoCard-OpenID integration, I don't think that modifying the LDAP schema to incorporate the required information is that difficult.

For OpenID you have to store the OpenID, and for identifying InfoCard-authorized users you have to store the private personal identifier (PPID) of the respective InfoCard in your LDAP user object.

As an OpenID is merely a URI the LDAP attribute can be of the same type as for example labeledURI (Directory String (, caseExactMatch (

The InfoCard private personal identifier (PPID) is a base64-encoded byte array (the length is undefined so you should require an appropriate maximum length; just a guess, but I think 48 characters will be enough as the PPID is a SHA256 hash with 32 bytes and base64-encoding will require about 1.3 times the storage space), so you could go with an IA5 String.
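A sketch of the two attribute definitions described in the answer above, with a pre-write check on PPID values. This is an added example, not code from the original answer. The attribute names `openIDIdentifier` and `infoCardPPID` and the OID arc `1.1.2.1` are hypothetical placeholders, and the 32-byte PPID size is taken from the answer's description.

```python
import base64
import hashlib

# Standard syntax OIDs from RFC 4517; matching rules are referenced by name.
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"
IA5_STRING = "1.3.6.1.4.1.1466.115.121.1.26"
PPID_MAX_LEN = 48   # bound suggested in the answer
PPID_RAW_LEN = 32   # SHA-256 digest size, per the answer
ARC = "1.1.2.1"     # placeholder arc (assumption): replace with your own registered OID


def attribute_type(oid, name, equality, syntax, bound=None):
    """Render an RFC 4512 attribute type description for a schema file."""
    length = "{%d}" % bound if bound else ""
    return f"( {oid} NAME '{name}' EQUALITY {equality} SYNTAX {syntax}{length} )"


# Hypothetical attribute names; the OpenID one reuses labeledURI's syntax and rule.
SCHEMA = [
    attribute_type(ARC + ".1", "openIDIdentifier", "caseExactMatch", DIRECTORY_STRING),
    attribute_type(ARC + ".2", "infoCardPPID", "caseExactIA5Match", IA5_STRING, PPID_MAX_LEN),
]


def constructed_ppid(seed: bytes) -> str:
    """Build a PPID-shaped sample value (constructed data, not a real card)."""
    return base64.b64encode(hashlib.sha256(seed).digest()).decode("ascii")


def valid_ppid(value: str) -> bool:
    """True only for strict base64 that fits the bound and decodes to 32 bytes.

    RFC 4512 describes the {48} bound as a suggestion, so the application
    checks the value itself before writing it to the directory.
    """
    if not value.isascii() or len(value) > PPID_MAX_LEN:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) == PPID_RAW_LEN


if __name__ == "__main__":
    for definition in SCHEMA:
        print("attributetype", definition)
    sample = constructed_ppid(b"constructed sample card")
    print(len(sample), valid_ppid(sample))
```

Matching on the PPID is case-sensitive here (`caseExactIA5Match`) because base64 text that differs only in letter case decodes to different bytes.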