[Freeipa-users] Objectclass ipaobject

[Petr Viktorin]

On 07/29/2014 10:58 AM, Andreas Ladanyi wrote:
> Am 28.07.2014 15:30, schrieb Petr Viktorin:
>> On 07/28/2014 03:08 PM, Andreas Ladanyi wrote:
>>> Hi,
>>>
>>> iam looking for the ldif file where i could find the objectclass
>>> definition of ipaobject.
>>>
[...]
>>> So the objectclass ipaobject seems to have one auxiliary attribute only
>>> ? Where could i find the rest of the objectclass definition ?
>>
>> This is the complete definition; other attributes come from other
>> objectclasses.
>>
>> The ipaUniqueID is required (MUST) for ipaObject. The objectclass
>> itself is AUXILIARY.
>>
>>
>> Here's the tutorial I learned LDAP concepts from, hope it helps:
>> http://www.zytrax.com/books/ldap/ch3/
>
> Hi Petr,
>
> thank you for your answer.
>
>> This is the complete definition; other attributes come from other
> objectclasses.
> Ok, but from which other objectclasses ?

That depends on the other objectclasses the entry has. ipaobject only 
provides ipaUniqueID, but (since it's auxiliary), the entry must have at 
least one other objectclass as well.
For example, a user will have something like:

dn: uid=admin,cn=users,cn=accounts,...
objectclass: top
objectclass: person
objectclass: posixaccount
objectclass: krbprincipalaux
objectclass: krbticketpolicyaux
objectclass: inetuser
objectclass: ipaobject
objectclass: ipasshuser
objectclass: ipaSshGroupOfPubKeys

a non-posix group will have:

dn: cn=ipausers,cn=groups,cn=accounts,...
objectclass: top
objectclass: groupofnames
objectclass: nestedgroup
objectclass: ipausergroup
objectclass: ipaobject

etc.

-- 
Petr³