[Freeipa-users] Doubt on FreeIPA LDAP extensibility

Simo Sorce simo at redhat.com
Mon Mar 19 12:15:57 UTC 2012 

On Sun, 2012-03-18 at 13:59 +0100, Marco Pizzoli wrote:
> Hi Simo,
> 
> On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce <simo at redhat.com> wrote:
>         On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote:
>         > Hi guys,
>         >
>         > I extended my set of LDAP objectClasses associated to users
>         by adding
>         > my new objectClass to my cn=ipaConfig LDAP entry, the
>         > ipaUserObjectClasses attribute.
>         > Then, I created a new user with the web ui and I see the new
>         > objectClass associated with that user, but as structural
>         instead of
>         > auxiliary. I don't know why, could you help me?
>         >
>         > Same thing happened for my groups. I added 3 objectClasses
>         and now I
>         > see all of them as structural. I would understand an answer:
>         all
>         > objectClasses eventually result as structural, but so why,
>         for
>         > example, the ipaObject is still an auxiliary objectClass?
>         
>         
>         The objectClass type depends on the schema. It is not
>         something that
>         changes after you assign it to an object.
> 
> Yes, your answer surely does make sense.
> 
> My question was triggered by the fact that, AFAICS, not all
> objectClasses are structural as well.
> In fact I can see that, for my group object, the objectClass
> "ipaobject" has been defined as auxiliary, while others structural.
> For users, I see that *only my objectClass* is defined as structural.
> All others as auxiliary.
> 
> In attachment you can see 2 images that immediately represent what I'm
> trying to explain.
> 
> If this was the intended behaviour, I would be really interested in
> knowing what is the rationale behind this.
> Only curiousity, as usual :-)

Objectclasses have no structureal/auxiliary "attribute" in an object,
it's your ldap browser that is returning the labeling by (I guess )
searching the schema.

I guess your object is getting it wrong, or the schema you defined in
389ds has these classes marked structural.
>         
search the schema with your browser and see how it identify these
classes ?

I see you also opened a bug, but it makes little sense to me. I will
close it as invalid for now, unless there is evidence 389ds returns the
wrong type from the schema tree.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-users mailing list