Thanks for the tip. I had the visibility in another schema file (which was also being included in slapd.conf).
I moved it to the dyngroup.schema file. This is how it looks now:
- - objectIdentifier NetscapeRoot 2.16.840.1.113730 - - objectIdentifier NetscapeLDAP NetscapeRoot:3 - objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1 - objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2 - - objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 - objectIdentifier DynGroupBase OpenLDAPExp11:8 - objectIdentifier DynGroupAttr DynGroupBase:1 - objectIdentifier DynGroupOC DynGroupBase:2 - - attributetype ( NetscapeLDAPattributeType:198 - NAME 'memberURL' - DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.' - SUP labeledURI ) - - attributetype ( DynGroupAttr:1 - NAME 'dgIdentity' - DESC 'Identity to use when processing the memberURL' - SUP distinguishedName SINGLE-VALUE ) - - attributeType ( DynGroupAttr:2 - NAME 'dgAuthz' - DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity' - EQUALITY authzMatch - SYNTAX 1.3.6.1.4.1.4203.666.2.7 - X-ORDERED 'VALUES' ) - - objectClass ( NetscapeLDAPobjectClass:33 - NAME 'groupOfURLs' - SUP top STRUCTURAL - MUST cn - MAY ( memberURL $ businessCategory $ description $ o $ ou $ - owner $ seeAlso $ member ) ) - - # The Haripriya dyngroup schema still needs a lot of work. - # We're just adding support for the dgIdentity attribute for now... - objectClass ( DynGroupOC:1 - NAME 'dgIdentityAux' - SUP top AUXILIARY - MAY ( dgIdentity $ dgAuthz ) ) - - ################################################################################ - # - attributeType ( 1.1.2.1.1 - NAME 'visibility' - SUP name ) - - # - - # - ################################################################################ - # - attributeType ( 1.1.2.1.2 - NAME 'groupname' - SUP name ) - - # - - ################################################################################ - - - ################################################################################ - # - objectClass ( 1.3.6.1.4.1.5923.1.1.101 - NAME 'dygroup' - DESC 'dynamic group' - SUP groupOfURLs - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################ - - ####################################################################### - # - objectClass ( 1.3.6.1.4.1.5923.1.1.99 - NAME 'group' - DESC 'group' - SUP groupOfNames - STRUCTURAL - MUST ( visibility $ groupname $ owner ) ) - - - ################################################################################
However I have the same problem. It still doesn't show dygroup in the objectClass list whenever I try to crate a new entry.
2013/5/31 Michael Ströder michael@stroeder.com
Carlos.
please always follow-up on the mailing list so others can learn and answer as well.
Carlos Santos wrote:
################################################################################
- #
- objectClass ( 1.3.6.1.4.1.5923.1.1.101
NAME 'dygroup'DESC 'dynamic group'SUP groupOfURLsSTRUCTURALMUST ( visibility $ groupname $ owner ) )################################################################################
When using this and starting slapd with -d config,stats then it outputs:
51a8b922 line 53 (objectClass ( 1.3.6.1.4.1.5923.1.1.101 NAME 'dygroup' DESC 'dynamic group' SUP groupOfURLs STRUCTURAL MUST ( visibility $ groupname $ owner ) )) 51a8b922
/home/michael/ftp/Linux/Networking/LDAP/OpenLDAP/schema/experimental.schema: line 53 objectClass: AttributeType not found: "visibility"
So where's the attribute type description for 'visibility'?
=> always use debug options when starting slapd after working on custom schema definitions.
Ciao, Michael.