<br><br><div class="gmail_quote">On Sun, Mar 18, 2012 at 6:04 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <u></u> <div bgcolor="#ffffff" text="#000000"><div><div class="h5"> On 03/18/2012 01:00 PM, Marco Pizzoli wrote: <blockquote type="cite">Hi Dmitri,<br> <br> <div class="gmail_quote">On Sun, Mar 18, 2012 at 5:41 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#ffffff" text="#000000"> <div> <div> On 03/18/2012 08:59 AM, Marco Pizzoli wrote: <blockquote type="cite">Hi Simo,<br> <br> <div class="gmail_quote">On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce <span dir="ltr"><<a href="mailto:simo@redhat.com" target="_blank">simo@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div> <div>On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote:<br> > Hi guys,<br> ><br> > I extended my set of LDAP objectClasses associated to users by adding<br> > my new objectClass to my cn=ipaConfig LDAP entry, the<br> > ipaUserObjectClasses attribute.<br> > Then, I created a new user with the web ui and I see the new<br> > objectClass associated with that user, but as structural instead of<br> > auxiliary. I don't know why, could you help me?<br> ><br> > Same thing happened for my groups. I added 3 objectClasses and now I<br> > see all of them as structural. I would understand an answer: all<br> > objectClasses eventually result as structural, but so why, for<br> > example, the ipaObject is still an auxiliary objectClass?<br> <br> </div> </div> The objectClass type depends on the schema. It is not something that<br> changes after you assign it to an object.<br> </blockquote> <div><br> Yes, your answer surely does make sense.<br> <br> My question was triggered by the fact that, AFAICS, not all objectClasses are structural as well.<br> In fact I can see that, for my group object, the objectClass "ipaobject" has been defined as auxiliary, while others structural.<br> For users, I see that *only my objectClass* is defined as structural. All others as auxiliary.<br> <br> In attachment you can see 2 images that immediately represent what I'm trying to explain.<br> <br> If this was the intended behaviour, I would be really interested in knowing what is the rationale behind this.<br> Only curiousity, as usual :-)<br> <br> Thanks again for your patience!<br> </div> </div> </blockquote> <br> </div> </div> AFAIU the object classes that are added to users and groups need to be first defined in the schema.<br> I assume you have done so otherwise all sorts of errors would have shown up. Am I correct?</div> </blockquote> <div><br> Exact. I followed the instructions on extending the schema on 389-ds, by inserting a file in my /etc/dirsrv/<instance>/schema dir.<br> Everything went ok, and I can see from phpldapadmin that the DSA correctly present my objectClasses as available to use for extending objects.<br> �</div> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#ffffff" text="#000000"> I do not recognize the object classes as standard object classes. But might knowledge might be limited.<br> </div> </blockquote> <div><br> Exact, they are "mine" objects, under a reserved OID number.<br> �</div> <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#ffffff" text="#000000"> Can you put show how you defined these new object classes in schema? You might have not specified the type and it defaulted to structural. <br> </div> </blockquote> <div><br> This was a schema file created for OpenLDAP and which is currently in production.<br> I used the script posted on the 389-ds HowTo for the migration from OpenLDAP schema files to 389-ds format.<br> Here you can find it. A little camouflated, of course.<br> <br> <span style="font-family:courier new,monospace">[root@freeipa01 ~]# cat /etc/dirsrv/slapd-UNIX-MYDOMAIN-IT/schema/98myfile.ldif</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">dn: cn=schema</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.4 NAME 'xxxUfficio' DESC 'Ufficio di appartenenza degli utenti XXX' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">objectclasses: ( 1.3.6.1.4.1.36005.0.2.6.2 NAME 'xxxPeopleAttributes' SUP top AUXILIARY DESC 'Definizione di attributi specifici per gli utenti XXX' MAY (� xxxUfficio ))</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.1 NAME 'xxxProgetto' DESC 'Nome del macro-progetto associato a questo gruppo LDAP' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.2 NAME 'xxxAmbiente' DESC 'Nome di ambiente SVIL-TEST-VALID-PROD associato al progetto' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.5 NAME 'xxxTipoGruppo' DESC 'Tipologia di gruppo' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">objectclasses: ( 1.3.6.1.4.1.36005.0.2.6.3 NAME 'xxxGroupsAttributes' SUP top AUXILIARY DESC 'Definizione di attributi specifici per i gruppi XXX' MAY (� xxxProgetto $ xxxAmbiente $ xxxTipoGruppo ))</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.6 NAME 'xxxWebminAmbiente' DESC 'Ufficio di appartenenza degli utenti XXX' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">objectclasses: ( 1.3.6.1.4.1.36005.0.2.6.4 NAME 'xxxWebminAttributes' SUP top AUXILIARY DESC 'Definizione di attributi specifici per gli oggetti Webmin' MAY (� xxxWebminAmbiente ))</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">attributetypes: ( 1.3.6.1.4.1.36005.0.2.4.3 NAME 'xxxDB2GruppiPrivilegi' DESC 'Tipologia di gruppo creato per accesso al DB2' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">objectclasses: ( 1.3.6.1.4.1.36005.0.2.6.5 NAME 'xxxDB2GroupsAttributes' SUP top AUXILIARY DESC 'Definizione di attributi specifici per i gruppi DB2' MAY (� xxxDB2GruppiPrivilegi ))</span><br style="font-family:courier new,monospace"> <span style="font-family:courier new,monospace">objectclasses: ( 1.3.6.1.4.1.36005.0.2.6.1 NAME 'xxxAttributes' SUP top AUXILIARY DESC 'Definizione di attributi specifici per utilizzo interno' MAY (� xxxProgetto $ xxxAmbiente $ xxxTipoGruppo $ xxxDB2GruppiPrivilegi ))</span><br style="font-family:courier new,monospace"> <br> As you can see, they are explicitly declared as AUXILIARY.<br> <br> </div> </div> </blockquote> <br></div></div> OK. Then it seems like a bug on our side ;-)<br> Please file a ticket and attached the info provided here.<br></div></blockquote><div><br>Done. <a href="https://fedorahosted.org/freeipa/ticket/2545">https://fedorahosted.org/freeipa/ticket/2545</a><br>�</div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div bgcolor="#ffffff" text="#000000"> Thanks for your efforts. They really help us to make the project better. <br></div></blockquote><div><br>I'm happy to help :-)<br>�</div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#ffffff" text="#000000"> <br> <blockquote type="cite"> <div class="gmail_quote"> <div>Thanks again<br> Marco<br> </div> </div><div class="im"> <br> <pre><fieldset></fieldset> _______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </div></blockquote><div class="im"> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </div></div> <br>_______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br></blockquote></div><br>