Thanks for the tip. I had the visibility in another schema file (which was also being included in slapd.conf).
I moved it to the
dyngroup.schema file. This is how it looks now:
- objectIdentifier NetscapeRoot 2.16.840.1.113730
- objectIdentifier NetscapeLDAP NetscapeRoot:3
- objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
- objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
- objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
- objectIdentifier DynGroupBase OpenLDAPExp11:8
- objectIdentifier DynGroupAttr DynGroupBase:1
- objectIdentifier DynGroupOC DynGroupBase:2
- attributetype ( NetscapeLDAPattributeType:198
- NAME 'memberURL'
- DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
- SUP labeledURI )
- attributetype ( DynGroupAttr:1
- NAME 'dgIdentity'
- DESC 'Identity to use when processing the memberURL'
- SUP distinguishedName SINGLE-VALUE )
- attributeType ( DynGroupAttr:2
- NAME 'dgAuthz'
- DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
- EQUALITY authzMatch
- SYNTAX 1.3.6.1.4.1.4203.666.2.7
- X-ORDERED 'VALUES' )
- objectClass ( NetscapeLDAPobjectClass:33
- NAME 'groupOfURLs'
- SUP top STRUCTURAL
-
MUST cn
- MAY ( memberURL $ businessCategory $ description $ o $ ou $
- owner $ seeAlso $ member ) )
- # The Haripriya dyngroup schema still needs a lot of work.
- # We're just adding support for the dgIdentity attribute for now...
- objectClass ( DynGroupOC:1
- NAME 'dgIdentityAux'
- SUP top AUXILIARY
-
MAY ( dgIdentity $ dgAuthz ) )
- ################################################################################
- #
- attributeType ( 1.1.2.1.1
- NAME 'visibility'
- SUP name )
- #
- #
- ################################################################################
- #
- attributeType ( 1.1.2.1.2
- NAME 'groupname'
- SUP name )
- #
- ################################################################################
- ################################################################################
- #
- objectClass ( 1.3.6.1.4.1.5923.1.1.101
- NAME 'dygroup'
- DESC 'dynamic group'
- SUP groupOfURLs
- STRUCTURAL
- MUST ( visibility $ groupname $ owner ) )
- ################################################################################
- #######################################################################
- #
- objectClass ( 1.3.6.1.4.1.5923.1.1.99
- NAME 'group'
-
DESC 'group'
- SUP groupOfNames
- STRUCTURAL
- MUST ( visibility $ groupname $ owner ) )
- ################################################################################
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.