On 04/20/15 22:10, Quanah Gibson-Mount wrote:
> --On Monday, April 20, 2015 12:06 PM +0530 dE <de.techno(a)gmail.com>
>> I'm concerned about the attributes. Does adding of the top object class
>> (or person) add all attributes to the entry?
> No. Look up the difference between "MUST" and "MAY". It means
> *possible* to set any of the attributes in an entry, with a value.
> MUST attributes are required, MAY are optional.
Ok, so you can add attributes which are not included in the
'MAY' of the
most subordinate object class the entry belongs to.
Location in the objectclass hierarchy is irrelevant here. You can add
attributes that are included in the MUST or MAY of *any* of the classes
associated with the object. An object can only have one governing
structural object class, but can have arbitrarily many auxiliary object
classes, as limited by any DIT content rules that may be in effect for
that structural class.
Most LDAP deployments don't use DIT content rules, so there are usually
no limits on which auxiliary classes may be used.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/