ADAM ADSIEdit and auxiliary classes

Discussion in 'Active Directory' started by francois reichenbach, Apr 28, 2004.

  1. Hello,
    Adding the auxiliary class eduperson to the ADAM Schema required some
    adaptations (see the eduperson.ldif below, feedback is welcome).
    To add "eduperson" to the objectclass of a user was simple with ldp as well as
    with ADAMADSIEdit.
    To add attributes allowed for this auxiliary class ldp was working nicely.
    Searching with ADAMADSIEdit with a filter on the attributes of the auxiliary
    class was successful.

    Question:
    To add attributes allowed for this auxiliary class with ADAMADSIEdit was not
    possible. The attributes belonging to the auxiliary class are not added to
    the list of the optional attributes, so they cannot be edited. Is this
    related to the ADAMADSIEdit Snap-In or can it be due to some missing
    declaration in the eduperson.ldif (see below)?
    Any help or comment welcome.

    Best regards.

    Appendix:
    eduperson.ldif draft version was accepted from ldifde:
    snip---begin
    dn: CN=eduPersonAffiliation,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: top
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.1
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    #string unicode
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    cn: eduPersonAffiliation
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonAffiliation
    isSingleValued: FALSE

    dn: CN=eduPersonNickname,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: top
    objectClass: attributeSchema
    cn: eduPersonNickname
    attributeId: 1.3.6.1.4.1.5923.1.1.1.2
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    #string unicode
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonNickname
    isSingleValued: FALSE

    dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: top
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.3
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.12
    # string DS-DN
    attributeSyntax: 2.5.5.1
    oMSyntax: 127
    #oMObjectclass: 0x2B0C0287731C00854A
    oMObjectClass:: KwwCh3McAIVK
    cn: eduPersonOrgDN
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonOrgDN
    isSingleValued: TRUE

    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.12
    #String that contains a DN. For attributes with this syntax,
    #Active Directory handles attribute values as references to
    #the object identified by the DN and automatically updates the
    #value if the object is moved or renamed. For queries that include
    #attributes of DN syntax in a filter, specify full distinguished
    #names—wildcards (for example, cn=John*) are not supported.
    # string DS-DN
    #extracted from http://msdn.microsoft.com/library/en-us/ad/ad/syntaxes_for_active_directory_attributes.asp
    #Syntax type Value
    #attributeSyntax 2.5.5.1
    #oMSyntax 127
    #oMObjectClass 0x2B0C0287731C00854A is KwwCh3McAIVK in base64
    #VARTYPE VT_BSTR
    #ADSTYPE ADSTYPE_DN_STRING

    dn: CN=eduPersonOrgUnitDN,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.4
    attributeSyntax: 2.5.5.1
    oMSyntax: 127
    oMObjectClass:: KwwCh3McAIVK
    cn: eduPersonOrgUnitDN
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonOrgUnitDN
    isSingleValued: FALSE

    dn: CN=eduPersonPrimaryAffiliation,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.5
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    cn: eduPersonPrimaryAffiliation
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonPrimaryAffiliation
    isSingleValued: TRUE

    dn: CN=eduPersonPrincipalName,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.6
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    cn: eduPersonPrincipalName
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonPrincipalName
    isSingleValued: TRUE

    dn: CN=eduPersonEntitlement,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.7
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    #string unicode
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    cn: eduPersonEntitlement
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonEntitlement
    isSingleValued: FALSE

    dn: CN=eduPersonPrimaryOrgUnitDN,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.8
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.12
    attributeSyntax: 2.5.5.1
    oMSyntax: 127
    oMObjectClass:: KwwCh3McAIVK
    cn: eduPersonPrimaryOrgUnitDN
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonPrimaryOrgUnitDN
    isSingleValued: TRUE

    dn: CN=eduPersonScopedAffiliation,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    attributeId: 1.3.6.1.4.1.5923.1.1.1.9
    #attributeSyntax: 1.3.6.1.4.1.1466.115.121.1.15
    attributeSyntax: 2.5.5.12
    oMSyntax: 64
    cn: eduPersonScopedAffiliation
    description: eduPerson per Internet2 and EDUCAUSE
    ldapDisplayName: eduPersonScopedAffiliation
    isSingleValued: FALSE

    dn:
    changeType: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -

    # add class definition
    dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
    changetype: ntdsSchemaAdd
    objectClass: top
    objectClass: classSchema
    cn: eduPerson
    distinguishedName: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
    governsID: 1.3.6.1.4.1.5923.1.1.2
    adminDisplayName: eduPerson
    adminDescription: eduPerson
    # 3 == aux class
    objectClassCategory: 3
    lDAPDisplayName: eduPerson
    name: eduPerson
    mayContain: eduPersonAffiliation
    mayContain: eduPersonNickname
    mayContain: eduPersonOrgDN
    mayContain: eduPersonOrgUnitDN
    mayContain: eduPersonPrimaryAffiliation
    mayContain: eduPersonPrincipalName
    mayContain: eduPersonEntitlement
    mayContain: eduPersonPrimaryOrgUnitDN
    mayContain: eduPersonScopedAffiliation

    dn:
    changetype: ntdsSchemaModify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -
    snip----end
     
    francois reichenbach, Apr 28, 2004
    #1
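
A pre-import consistency check for a schema file like the one posted above, as an added example that is not part of the original thread or the poster's file. The names `parse_ldif`, `lint`, `SYNTAX` and `SAMPLE` are hypothetical, and the parser assumes unindented, unfolded LDIF with a blank line between records.

```python
import base64

# attributeSyntax -> (oMSyntax, oMObjectClass): the two pairings used in the post
SYNTAX = {"2.5.5.12": ("64", None),
          "2.5.5.1": ("127", bytes.fromhex("2B0C0287731C00854A"))}

# Constructed sample: oMObjectClass is missing; eduPersonNickname is never defined.
SAMPLE = """\
dn: CN=eduPersonOrgDN,CN=Schema,CN=Configuration,DC=X
objectClass: attributeSchema
attributeSyntax: 2.5.5.1
oMSyntax: 127
ldapDisplayName: eduPersonOrgDN

dn: CN=eduPerson,CN=Schema,CN=Configuration,DC=X
objectClass: classSchema
ldapDisplayName: eduPerson
mayContain: eduPersonOrgDN
mayContain: eduPersonNickname
"""

def parse_ldif(text):
    """Split LDIF into records of {lower-cased key: [values]}; 'key:: v' is base64."""
    records = []
    for block in text.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):   # skip comments and "-"
                key, _, val = line.partition(":")
                val = base64.b64decode(val[1:]) if val.startswith(":") else val.strip()
                rec.setdefault(key.strip().lower(), []).append(val)
        records.append(rec)
    return [r for r in records if r]

def lint(text):
    """Return findings: bad syntax triples and mayContain names the file never defines."""
    one = lambda r, k: r.get(k, [None])[0]
    kind = lambda r, c: c in [v.lower() for v in r.get("objectclass", [])]
    recs, findings = parse_ldif(text), []
    attrs = [r for r in recs if kind(r, "attributeschema")]
    defined = {str(one(r, "ldapdisplayname")).lower() for r in attrs}
    for r in attrs:
        if SYNTAX.get(one(r, "attributesyntax")) != (one(r, "omsyntax"), one(r, "omobjectclass")):
            findings.append(f"{one(r, 'ldapdisplayname')}: syntax triple not in SYNTAX")
    for r in (r for r in recs if kind(r, "classschema")):
        for a in r.get("maycontain", []):
            if a.lower() not in defined:
                findings.append(f"{one(r, 'ldapdisplayname')}: {a} not defined in this file")
    return findings
```

A `mayContain` finding is a prompt to check, not necessarily an error, since a class may reference attributes that already exist in the target schema.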

  2. Are you having trouble importing the schema extension? Or using it
    subsequently?
    Can you tell us some errors you are getting more specifically?
     
    Eric Fleischman [MSFT], Apr 29, 2004
    #2

  3. How are you linking the auxiliary class? You mention below that you "add" it
    to the objectclass of "user" (presumably the MS-User.ldf definition), are you
    adding eduPerson to the auxiliaryClass attribute of your User class or is this
    linking the auxiliary class dynamically per instance?

    If you are linking the auxiliary class dynamically per instance, I do not
    think the auxiliary attributes will show up as optional in ADSI Edit. You will
    certainly see them there if you statically link the auxiliary class to your
    user object, you could do this in your ldif file by appending:

    dn: CN=User,CN=Schema,CN=Configuration,DC=X
    changetype: Modify
    add: auxiliaryClass
    auxiliaryClass: eduPerson
    -

    dn:
    changetype: Modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -

    I have converted the eduPerson ldif to an AD/ADAM compatible ldf format (I
    have not run a diff against your version but it looks about the same, I can
    post it if required) but I statically linked the aux class to the user class
    and I do see/can edit the aux attributes in ADSI Edit.
     
    Lee Flight, Apr 29, 2004
    #3
  4. Hello,

    Thank you for reading.

    The schema is extended and usable.

    Summarized question: Is it possible to manage attributes of an auxiliary
    class with ADAMADSIEdit? If yes, what is wrong with me? If no, I will
    continue with ldp!

    Thanks and best regards.

     
    francois reichenbach, Apr 29, 2004
    #4
  5. Sure, you can manage such attributes with adsiedit. They should appear as
    attributes of the object in question once instantiated.

    ~Eric


    --
    Eric Fleischman [MSFT]
    This posting is provided "AS IS" with no warranties, and confers no rights
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm


     
    Eric Fleischman [MSFT], Apr 29, 2004
    #5
  6. Thanks a lot.
    Linking statically the auxiliary class eduperson to the user objectclass
    makes the attributes available to ADAMADSIEdit.
    Best regards.
     
    francois reichenbach, Apr 30, 2004
    #6
  7. Eric,

    Even attributes that are picked up through a *dynamic* auxiliary class?

    I do not see that in ADAM or W2K3 (forest functional) ADSI Edit, is there a
    later version of ADSI Edit for either that does this? (LDP sees such
    attributes if set).

    Statically linked aux class attributes are visible (as per my previous post
    in this thread)

    Thanks
    Lee Flight
    Network Support, University of Leicester
     
    Lee Flight, Apr 30, 2004
    #7
  8. You didn't say dynamic aux class. ;)

    Did you link the dyn obj class to the obj in question prior to trying to
    view it with adsiedit?
    Never tried with adsiedit before so I couldn't tell you. I primarily use
    ldp. But I would guess it would work. Perhaps someone knows better.
    It would be an easy test though. Just link up the dyn aux class then open
    the object with adsiedit.

    ~Eric


     
    Eric Fleischman [MSFT], Apr 30, 2004
    #8
  9. Me too
    and... you don't see the attributes (ADAM or W2K3 using the respective
    versions of ADSIedit).

    Is this a bug?

    Thanks

    Lee Flight
    Network Support, University of Leicester
     
    Lee Flight, Apr 30, 2004
    #9