[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] The correct behaviour of auxiliary object classes

To: Vincent Ryan <Vincent.Ryan@Ireland.Sun.COM>, ldap@umich.edu, ietf-ldapext@netscape.com
Subject: Re: [ldap] The correct behaviour of auxiliary object classes
From: Erik Skovgaard <eskovgaard@geotrain.com>
Date: Wed, 01 Mar 2000 15:52:46 -0800
In-reply-to: <"LYR41002-66672-2000.03.01-09.06.03--eskovgaard#geotrain.co m"@listserver.itd.umich.edu>
Resent-date: Wed, 01 Mar 2000 16:00:02 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <Bvenz.A.uMB.j7av4@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Vincent,

Auxiliary Object Classes are particularly useful where you want to add
attributes to several types of Structural Object Classes.

See also below.

At 14:01 2000-03-01 +0000, Vincent Ryan wrote:
>
>I'm seeking clarification of how auxiliary object classes are
>supposed to operate. My understanding of auxiliary object classes
>is that they are designed to be mixed-in with structural object
>classes when particular instances of a structural object class
>need additional attributes. 
>
>For example, 'strongAuthenticationUser' is an auxiliary class
>defined in RFC 2256 and it mandates the 'userCertificate' attribute.
>If I want to create an LDAP entry that is both an 'organizationalPerson'
>and a 'strongAuthenticationUser' then I should specify both class
>names in the object class attribute for the entry. In addition,
>as 'sn' is mandatory for the 'organizationalPerson' class and
>'userCertificate' is mandatory for the 'strongAuthenticationUser'
>class then I must supply both of these attributes too.
>
>Is my understanding correct? 

Yes, you are right.  In addition, an Auxiliary Object Class cannot be
instantiated without a Structural Object Class.

>
>Should this behaviour be stated explicitly in the LDAP RFCs?

Perhaps, but you could argue that lots of things should.  The base
documents are referenced.

>
>I notice that support for auxiliary classes in Windows 2000
>Active Directory deviates from this behaviour. Auxiliary classes
>are (permanently) associated with specific structural classes in
>the Active Directory schema. The effect is that every instance of
>a structural class must contain the mandatory attributes of all
>of its associated auxiliary classes. That is, the auxiliary class
>is associated with every instance of the structural class. In
>addition, auxiliary class names must not appear as values of the
>object class attribute of the instance of the structural class.
>
>Can someone from Microsoft confirm that my description is correct?
>(Or have I misunderstood how Active Directory operates.)
>
>Do other LDAP server implementors support auxiliary classes differently?

Some do not implement them at all.

Cheers,                   ....Erik.

--------------------------------------
Erik Skovgaard
Global Knowledge
Enterprise Directory Group
>
>---
>You are currently subscribed to ldap@umich.edu as: [eskovgaard@geotrain.com]
>To unsubscribe send email to ldap-request@umich.edu with the word
UNSUBSCRIBE as the SUBJECT of the message.
>
>

Prev by Date: Re: Changelog entries draft. Do not seem to find it.
Next by Date: Re: (c.harding 38467) bug in blits
Index(es):
- Chronological
- Thread