[Freeipa-users] Doubt on FreeIPA LDAP extensibility

Marco Pizzoli marco.pizzoli at gmail.com
Mon Mar 19 12:51:39 UTC 2012 

On Mon, Mar 19, 2012 at 1:15 PM, Simo Sorce <simo at redhat.com> wrote:

> On Sun, 2012-03-18 at 13:59 +0100, Marco Pizzoli wrote:
> > Hi Simo,
> >
> > On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce <simo at redhat.com> wrote:
> >         On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote:
> >         > Hi guys,
> >         >
> >         > I extended my set of LDAP objectClasses associated to users
> >         by adding
> >         > my new objectClass to my cn=ipaConfig LDAP entry, the
> >         > ipaUserObjectClasses attribute.
> >         > Then, I created a new user with the web ui and I see the new
> >         > objectClass associated with that user, but as structural
> >         instead of
> >         > auxiliary. I don't know why, could you help me?
> >         >
> >         > Same thing happened for my groups. I added 3 objectClasses
> >         and now I
> >         > see all of them as structural. I would understand an answer:
> >         all
> >         > objectClasses eventually result as structural, but so why,
> >         for
> >         > example, the ipaObject is still an auxiliary objectClass?
> >
> >
> >         The objectClass type depends on the schema. It is not
> >         something that
> >         changes after you assign it to an object.
> >
> > Yes, your answer surely does make sense.
> >
> > My question was triggered by the fact that, AFAICS, not all
> > objectClasses are structural as well.
> > In fact I can see that, for my group object, the objectClass
> > "ipaobject" has been defined as auxiliary, while others structural.
> > For users, I see that *only my objectClass* is defined as structural.
> > All others as auxiliary.
> >
> > In attachment you can see 2 images that immediately represent what I'm
> > trying to explain.
> >
> > If this was the intended behaviour, I would be really interested in
> > knowing what is the rationale behind this.
> > Only curiousity, as usual :-)
>
> Objectclasses have no structureal/auxiliary "attribute" in an object,
> it's your ldap browser that is returning the labeling by (I guess )
> searching the schema.
>

Exact. I admit I have not been so clear in my explanation.


> I guess your object is getting it wrong, or the schema you defined in
> 389ds has these classes marked structural.
> >
> search the schema with your browser and see how it identify these
> classes ?
>

In attachment. You can find only one, but all of them are equivalent from
this point.
They are indeed seen as structural, even if my added schema file declare
them as auxiliary.


> I see you also opened a bug, but it makes little sense to me. I will
> close it as invalid for now, unless there is evidence 389ds returns the
> wrong type from the schema tree.
>

Ok, I agree.

Thanks as usual
Marco


>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120319/7fb0208c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GroupsAttribute_ObjectClass.PNG
Type: image/png
Size: 14844 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120319/7fb0208c/attachment.png>

More information about the Freeipa-users mailing list