On Sun, 2012-03-18 at 13:59 +0100, Marco Pizzoli wrote:
> Hi Simo,
> On Sat, Mar 17, 2012 at 7:16 PM, Simo Sorce <s...@redhat.com> wrote:
>         On Sat, 2012-03-17 at 11:12 +0100, Marco Pizzoli wrote:
>         > Hi guys,
>         >
>         > I extended my set of LDAP objectClasses associated to users
>         by adding
>         > my new objectClass to my cn=ipaConfig LDAP entry, the
>         > ipaUserObjectClasses attribute.
>         > Then, I created a new user with the web ui and I see the new
>         > objectClass associated with that user, but as structural
>         instead of
>         > auxiliary. I don't know why, could you help me?
>         >
>         > Same thing happened for my groups. I added 3 objectClasses
>         and now I
>         > see all of them as structural. I would understand an answer:
>         all
>         > objectClasses eventually result as structural, but so why,
>         for
>         > example, the ipaObject is still an auxiliary objectClass?
>         The objectClass type depends on the schema. It is not
>         something that
>         changes after you assign it to an object.
> Yes, your answer surely does make sense.
> My question was triggered by the fact that, AFAICS, not all
> objectClasses are structural as well.
> In fact I can see that, for my group object, the objectClass
> "ipaobject" has been defined as auxiliary, while others structural.
> For users, I see that *only my objectClass* is defined as structural.
> All others as auxiliary.
> In attachment you can see 2 images that immediately represent what I'm
> trying to explain.
> If this was the intended behaviour, I would be really interested in
> knowing what is the rationale behind this.
> Only curiousity, as usual :-)

Objectclasses have no structureal/auxiliary "attribute" in an object,
it's your ldap browser that is returning the labeling by (I guess )
searching the schema.

I guess your object is getting it wrong, or the schema you defined in
389ds has these classes marked structural.
search the schema with your browser and see how it identify these
classes ?

I see you also opened a bug, but it makes little sense to me. I will
close it as invalid for now, unless there is evidence 389ds returns the
wrong type from the schema tree.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to