[Freeipa-users] Doubt on FreeIPA LDAP extensibility

Dmitri Pal dpal at redhat.com
Sun Mar 18 16:41:12 UTC 2012 

On 03/18/2012 08:59 AM, Marco Pizzoli wrote:
> Hi Simo,
>
> On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce <simo at redhat.com
> <mailto:simo at redhat.com>> wrote:
>
>     On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote:
>     > Hi guys,
>     >
>     > I extended my set of LDAP objectClasses associated to users by
>     adding
>     > my new objectClass to my cn=ipaConfig LDAP entry, the
>     > ipaUserObjectClasses attribute.
>     > Then, I created a new user with the web ui and I see the new
>     > objectClass associated with that user, but as structural instead of
>     > auxiliary. I don't know why, could you help me?
>     >
>     > Same thing happened for my groups. I added 3 objectClasses and now I
>     > see all of them as structural. I would understand an answer: all
>     > objectClasses eventually result as structural, but so why, for
>     > example, the ipaObject is still an auxiliary objectClass?
>
>     The objectClass type depends on the schema. It is not something that
>     changes after you assign it to an object.
>
>
> Yes, your answer surely does make sense.
>
> My question was triggered by the fact that, AFAICS, not all
> objectClasses are structural as well.
> In fact I can see that, for my group object, the objectClass
> "ipaobject" has been defined as auxiliary, while others structural.
> For users, I see that *only my objectClass* is defined as structural.
> All others as auxiliary.
>
> In attachment you can see 2 images that immediately represent what I'm
> trying to explain.
>
> If this was the intended behaviour, I would be really interested in
> knowing what is the rationale behind this.
> Only curiousity, as usual :-)
>
> Thanks again for your patience!

AFAIU the object classes that are added to users and groups need to be
first defined in the schema.
I assume you have done so otherwise all sorts of errors would have shown
up. Am I correct? I do not recognize the object classes as standard
object classes. But might knowledge might be limited.
Can you put show how you defined these new object classes in schema? You
might have not specified the type and it defaulted to structural.

> Marco
>  
>
>     Simo.
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120318/2340e0e4/attachment.htm>

More information about the Freeipa-users mailing list