Thanks for the tip. I had the visibility in another schema file (which was also being included in slapd.conf).
I moved it to the dyngroup.schema file. This is how it looks now: - - objectIdentifier NetscapeRoot 2.16.840.1.113730 - - objectIdentifier NetscapeLDAP NetscapeRoot:3 - objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1 - objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2 - - objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 - objectIdentifier DynGroupBase OpenLDAPExp11:8 - objectIdentifier DynGroupAttr DynGroupBase:1 - objectIdentifier DynGroupOC DynGroupBase:2 - - attributetype ( NetscapeLDAPattributeType:198 - NAME 'memberURL' - DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.' - SUP labeledURI ) - - attributetype ( DynGroupAttr:1 - NAME 'dgIdentity' - DESC 'Identity to use when processing the memberURL' - SUP distinguishedName SINGLE-VALUE ) - - attributeType ( DynGroupAttr:2 - NAME 'dgAuthz' - DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity' - EQUALITY authzMatch - SYNTAX 1.3.6.1.4.1.4203.666.2.7 - X-ORDERED 'VALUES' ) - - objectClass ( NetscapeLDAPobjectClass:33 - NAME 'groupOfURLs' - SUP top STRUCTURAL - MUST cn - MAY ( memberURL $ businessCategory $ description $ o $ ou $ - owner $ seeAlso $ member ) ) - - # The Haripriya dyngroup schema still needs a lot of work. - # We're just adding support for the dgIdentity attribute for now... - objectClass ( DynGroupOC:1 - NAME 'dgIdentityAux' - SUP top AUXILIARY - MAY ( dgIdentity $ dgAuthz ) ) - - ################################################################################ - # - attributeType ( 1.1.2.1.1 - NAME 'visibility' - SUP name ) - - # - - # - ################################################################################ - # - attributeType ( 1.1.2.1.2 - NAME 'groupname' - SUP name ) - - # - - ################################################################################ - - - ################################################################################ - # - objectClass ( 1.3.6.1.4.1.5923.1.1.101 - NAME 'dygroup' - DESC 'dynamic group' - SUP groupOfURLs - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################ - - ####################################################################### - # - objectClass ( 1.3.6.1.4.1.5923.1.1.99 - NAME 'group' - DESC 'group' - SUP groupOfNames - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################ However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry. 2013/5/31 Michael Ströder <[email protected]> > Carlos. > > please always follow-up on the mailing list so others can learn and answer > as > well. > > Carlos Santos wrote: > > > > ################################################################################ > > - # > > - objectClass ( 1.3.6.1.4.1.5923.1.1.101 > > - NAME 'dygroup' > > - DESC 'dynamic group' > > - SUP groupOfURLs > > - STRUCTURAL > > - MUST ( visibility $ groupname $ owner ) ) > > - > > - > > - > > > > ################################################################################ > > When using this and starting slapd with -d config,stats then it outputs: > > 51a8b922 line 53 (objectClass ( 1.3.6.1.4.1.5923.1.1.101 NAME > 'dygroup' > DESC 'dynamic group' SUP groupOfURLs STRUCTURAL > MUST ( visibility $ groupname $ owner ) )) > 51a8b922 > > /home/michael/ftp/Linux/Networking/LDAP/OpenLDAP/schema/experimental.schema: > line 53 objectClass: AttributeType not found: "visibility" > > So where's the attribute type description for 'visibility'? > > => always use debug options when starting slapd after working on custom > schema > definitions. > > Ciao, Michael. > > -- cumprimentos, Carlos Santos
