Re: extend groupOfURLs

Thanks for the tip. I had the visibility in another schema file (which was also being included in slapd.conf).

I moved it to the dyngroup.schema file. This is how it looks now:

objectIdentifier NetscapeRoot 2.16.840.1.113730
objectIdentifier NetscapeLDAP NetscapeRoot:3
objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1
objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2
objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
objectIdentifier DynGroupBase OpenLDAPExp11:8
objectIdentifier DynGroupAttr DynGroupBase:1
objectIdentifier DynGroupOC DynGroupBase:2
attributetype ( NetscapeLDAPattributeType:198
NAME 'memberURL'
DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.'
SUP labeledURI )
attributetype ( DynGroupAttr:1
NAME 'dgIdentity'
DESC 'Identity to use when processing the memberURL'
SUP distinguishedName SINGLE-VALUE )
attributeType ( DynGroupAttr:2
NAME 'dgAuthz'
DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity'
EQUALITY authzMatch
SYNTAX 1.3.6.1.4.1.4203.666.2.7
X-ORDERED 'VALUES' )
objectClass ( NetscapeLDAPobjectClass:33
NAME 'groupOfURLs'
SUP top STRUCTURAL
MUST cn
MAY ( memberURL $ businessCategory $ description $ o $ ou $
owner $ seeAlso $ member ) )
# The Haripriya dyngroup schema still needs a lot of work.
# We're just adding support for the dgIdentity attribute for now...
objectClass ( DynGroupOC:1
NAME 'dgIdentityAux'
SUP top AUXILIARY
MAY ( dgIdentity $ dgAuthz ) )
################################################################################
#
attributeType ( 1.1.2.1.1
NAME 'visibility'
SUP name )
#
#
################################################################################
#
attributeType ( 1.1.2.1.2
NAME 'groupname'
SUP name )
#
################################################################################
################################################################################
#
objectClass ( 1.3.6.1.4.1.5923.1.1.101
NAME 'dygroup'
DESC 'dynamic group'
SUP groupOfURLs
STRUCTURAL
MUST ( visibility $ groupname $ owner ) )
################################################################################
#######################################################################
#
objectClass ( 1.3.6.1.4.1.5923.1.1.99
NAME 'group'
DESC 'group'
SUP groupOfNames
STRUCTURAL
MUST ( visibility $ groupname $ owner ) )
################################################################################

However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.

2013/5/31 Michael Ströder <michael@stroeder.com>

Carlos.

please always follow-up on the mailing list so others can learn and answer as
well.

Carlos Santos wrote:
> ################################################################################
> - #
> - objectClass ( 1.3.6.1.4.1.5923.1.1.101
> - NAME 'dygroup'
> - DESC 'dynamic group'
> - SUP groupOfURLs
> - STRUCTURAL
> - MUST ( visibility $ groupname $ owner ) )
> -
> -
> -
> ################################################################################

When using this and starting slapd with -d config,stats then it outputs:

51a8b922 line 53 (objectClass ( 1.3.6.1.4.1.5923.1.1.101 NAME 'dygroup'

DESC 'dynamic group' SUP groupOfURLs STRUCTURAL

MUST ( visibility $ groupname $ owner ) ))
51a8b922
/home/michael/ftp/Linux/Networking/LDAP/OpenLDAP/schema/experimental.schema:
line 53 objectClass: AttributeType not found: "visibility"

So where's the attribute type description for 'visibility'?

=> always use debug options when starting slapd after working on custom schema
definitions.

Ciao, Michael.

cumprimentos,

Carlos Santos