Re: AD-style AUX classes

[Michael Ströder <michael@stroeder.com>]

Andrew Bartlett wrote:
> I'm not quite sure what I'm looking for here, sorry:

I'm not quite sure if I correctly understood what you're trying to do 
because I don't have access to all relevant schema definitions.

> In using OpenLDAP, I'm hoping to avoid having to write that logic, so I
> stopped adding extensibleObject to all our objectClass values, and
> replaced it with samba4Top, contaning all the things that AD's top
> contains, but OpenLDAPs does not.

Could you please post definition of 'samba4Top'?

> So far so good, but AD has:
> dn: CN=Domain-DNS,${SCHEMADN}
> objectClass: top
> objectClass: classSchema
> subClassOf: domain
> systemAuxiliaryClass: samDomain

This is the AD-specific schema entry which gets converted to a DIT 
content rule in the LDAPv3-compliant subschema subentry. Yes?

> Looking at http://www.grotan.com/ldap/microsoft.ext.schema
>
> I created entries in my schema file like:
>
> dITContentRule (
>   1.2.840.113556.1.5.67
>   NAME 'domainDNS'
>   AUX ( samDomain )
>   )
>
> dITContentRule (
>   1.2.840.113556.1.5.3
>   NAME 'samDomain'
>   AUX ( samDomainBase )
>   )
>
> This created two problems:  It appears that you cannot create a
> ditContentRule for a non-structural objectClass

Yes, see section 4.1.6. of RFC 4512. You should try not to violate this 
because leads to interop problems with LDAPv3 compliant implementations. 
(My web2ldap obeys DIT content rules governing STRUCTURAL object classes 
when showing select lists for choosing object classes when modifying an 
entry.)

> (samDomain is
> AUXILIARY), and even if I do, I can't tack on the samba4Top on the end,
> because of:

How are 'domainDNS' and 'samDomain' defined? Is 'domainDNS' STRUCTURAL?

Just some wild guess since I don't have everything needed at hand: How 
about defining 'samba4Top' as ABSTRACT object class and derive 
'samDomain' as AUXILIARY from it?

Ciao, Michael.