This article seems to explain everything you're interested in- http://msdn2.microsoft.com/en-us/library/ms676290.aspxre
An individual instance is the result of creating a new 'something'. Structural classes define objects we can create and the rules/attributes governing their creation. If by DSE, you're referring to 'directory services entry', then yes ... though not uncommon in general, it's not a term I've found typical when describing object instances. PS - if you're able to add the attributes to the object instances then one or more of the following five things is true - 1. you've extended the schema and have added your auxiliary class containing the attributes to the structural class in question (users?) 2. you've extended the schema and have added your attributes directly to the structural class 3. you've extended the schema and have added your auxiliary class to an auxiliary class from which the structural class is derived 4. you've extended the schema and have added your attributes directly to an auxiliary class from which the structural class is derived 5. you've successfully exploited dynamic auxiliary classes -- Dean Wells MSEtechnology Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: Frank Cusack [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 20, 2007 10:19 PM To: [email protected] Subject: [ldap] AD extending schema and objectClass OK, not about "LDAP" but similar. I couldn't find an appropriate microsoft group, and I'm sure folks here are familiar with this. I've extended the AD schema. <http://technet2.microsoft.com/windowsserver/en/library/e3525d00-a746-4466-b b87-140acb44a6031033.mspx?mfr=true> says that In Windows Server 2003, auxiliary classes can be assigned dynamically to individual instances of classes, rather than being applied automatically to all instances. For example, you can assign the pager auxiliary class to only those users who need it. i don't know what an "individual instance" of a class is but from that doc it seems to mean the equivalent of a DSE. that says to me that i can use the familiar syntax dn: cn=username,cn=users,... changetype: modify add: myClass objectClass: myClass - add: myAttribute myAttribute: myValue ... to add attributes specific to my new objectclass to any particular DSE. however when i attempt this i get an error. what i've found i had to do is to add auxiliaryClass: myClass to cn=users,cn=schema,... (from examples found online). fine, although not what i expected. now my real problem/question is that when i do try to add my attributes to a user entry, i am NOT ALLOWED to add the objectClass to their DSE. i can however go ahead and add the attributes present in my new objectclass. this sucks because - when you do a search the results are not consistent with an LDAP search where you expect that for every attribute present in a DSE, there will be an objectClass attribute which allows/requires that attribute - migration to/from openLDAP is difficult any insight, or references to other resources, are most appreciated. -frank --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message. --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
