Hi all,

I was wondering if there is any best practice when to use extensibleObject in contrast to creating new objectClasses within a local schema.

E.g. I have the need to filter the visibility of posixGroups depending on some attribute when sssd is accessing the directory.

What I could do is to use an extra objectClass: extensibleObject to allow all defined attributes (e.g. host) to be used within my object.

I could also create a new

objectClass ( 2.25.$UUID.1.2.1 NAME 'myGroup' DESC 'Group with host attribute' SUP posixGroup AUXILIARY MAY host )

As far as I can tell using extensibleObject has the disadvantage to more or less disable the checks for correct attribute usage.

Are there more positive or negative aspects to extensibleObject?

I'd like to hear your thought on this.

Thanks,

Uwe