Forum.Brain-Cluster.com: Brain Cluster Technical Forum

Create Bindable Object in AD [message #156480] Wed, 17 June 2009 20:26
Norm
We have a calendar application which we are currently using with ADAM. We
would like to migrate it to AD, but there is no msDS-BindableObject in AD. I
tried to add the necessary attributes and object class, but got constraint
errors. Anyone know how to make an object bindable in AD?

Thanks! Norm
Re: Create Bindable Object in AD [message #156489 is a reply to message #156480] Thu, 18 June 2009 03:43
Lee Flight
Hi

roughly speaking the nearest match in the AD schema is going to be the user
class, so you would likely need to build an auxiliary class that has the
attributes that you want and use that as auxiliary to user.

Lee Flight

Re: Create Bindable Object in AD [message #156513 is a reply to message #156480] Thu, 18 June 2009 00:45
Joe Kaplan
You multi-posted to several groups. I answered this question in
microsoft.public.active.directory.interfaces. Try to cross post instead.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
Re: Create Bindable Object in AD [message #156525 is a reply to message #156489] Thu, 18 June 2009 13:36
Norm
Lee and Joe,

No luck so far with user because of the rdnattid - here is the original
schema:

dn: CN=ctCalAdmin,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectclass: classSchema
MustContain: ctCalXItemId
MayContain: ctCalAccess
MayContain: ctCalAccessDomain
MayContain: ctCalAdmd
MayContain: ctCalFlags
MayContain: ctCalHost
MayContain: ctCalLanguageId
MayContain: ctCalNodeAlias
MayContain: ctCalOrgUnit2
MayContain: ctCalOrgUnit3
MayContain: ctCalOrgUnit4
MayContain: ctCalPasswordRequired
MayContain: ctCalPrmd
MayContain: ctCalServerVersion
MayContain: ctCalSysopCanWritePassword
MayContain: cn
MayContain: facsimileTelephoneNumber
MayContain: generationQualifier
MayContain: givenName
MayContain: initials
MayContain: mail
MayContain: ou
MayContain: postalAddress
MayContain: sn
MayContain: telephoneNumber
cn: ctCalAdmin
rdnAttId: ctCalXItemId
governsID: 1.3.6.1.4.1.2672.3.1
subClassOf: top
possSuperiors: organization
possSuperiors: organizationalUnit
SystemAuxiliaryClass: msDS-BindableObject
ObjectClassCategory: 1



Re: Create Bindable Object in AD [message #156541 is a reply to message #156525] Thu, 18 June 2009 22:40
Joe Kaplan
I'm not sure if you can do this with AD. In previous versions of AD you
could not have different RDN attributes but I think that may have been relaxed
recently. I haven't played with it.

If this is possible, you might be able to get it to work by subclassing
user and adding your additional changes. It might be a good idea to
consider allowing some of those mustContain attributes to be optional but
you might be ok leaving them like this.

Is the RDN a deal breaker otherwise?

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
Re: Create Bindable Object in AD [message #156556 is a reply to message #156525] Fri, 19 June 2009 09:05
Lee Flight
I agree with Joe, you could use a subclassof user
with your own rdnAttId and that would be bindable
(at least in LDAP simple bind with full DN); there
are restrictions on the attribute that can be used as rdnAttId
but you must have gotten those right in ADAM as they are the
same there as in AD.

I am curious to know why you want to move this away
from ADAM to AD?

Thanks
Lee Flight

Re: Create Bindable Object in AD [message #156624 is a reply to message #156556] Mon, 22 June 2009 12:34
Norm
Here is my last attempt and the error I received:

dn: CN=ctCalAdminX5,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectclass: classSchema
#MustContain: ctCalXItemId
MayContain: ctCalAccess
MayContain: ctCalAccessDomain
MayContain: ctCalAdmd
MayContain: ctCalFlags
MayContain: ctCalHost
MayContain: ctCalLanguageId
MayContain: ctCalNodeAlias
MayContain: ctCalOrgUnit2
MayContain: ctCalOrgUnit3
MayContain: ctCalOrgUnit4
MayContain: ctCalPasswordRequired
MayContain: ctCalPrmd
MayContain: ctCalServerVersion
MayContain: ctCalSysopCanWritePassword
MayContain: cn
MayContain: facsimileTelephoneNumber
MayContain: generationQualifier
MayContain: givenName
MayContain: initials
MayContain: mail
MayContain: ou
MayContain: postalAddress
MayContain: sn
MayContain: telephoneNumber
cn: ctCalAdminX5
rdnAttId: ctCalXItemId
governsID: 1.3.6.1.4.1.2672.3.115
possSuperiors: organization
possSuperiors: organizationalUnit
ObjectClassCategory: 3

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn:ctCalXItemId=02075:00001,OU=DSSC,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
objectClass: top
objectclass: user
objectClass: ctCalAdminX5
distinguishedName: ctCalXItemId=02075:00001,OU=DSSC,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
name: 02075:00001
ctCalSysopCanWritePassword: 1
ctCalXItemId: 02075:00001
ctCalFlags: 0
sn: SYSOP
ctCalHost: RIO-DSTCALENDAR
ctCalLanguageId: 0
ctCalPasswordRequired: 1

Loading entries.
Add error on entry starting on line 1: Naming Violation
The server side error is: 0x2073 An attempt was made to add an object using an RDN that is not the RDN defined in the schema.
The extended server error is:
00002073: NameErr: DSID-03050BBB, problem 2005 (NAMING_VIOLATION), data 0, best match of:

'ctCalXItemId=02075:00001,OU=DSSC,ou=employees,ou=mcccd,dc=bigtop,dc=peewee'

0 entries modified successfully.
An error has occurred in the program

Re: Create Bindable Object in AD [message #156673 is a reply to message #156624] Tue, 23 June 2009 09:58
Lee Flight
Hi,

your class definition would need

subClassof: user

the instance of the class you are trying to create will
also need a cn set (inherited mustContain from Person
class).

Lee Flight

Re: Create Bindable Object in AD [message #156717 is a reply to message #156673] Tue, 23 June 2009 20:19
Norm
Thanks, Lee!

I had a nice long reply, hit post, and got the wonderful "service
temporarily unavailable" message. I'll try to re-create it...

I was able to create the objectclass with the subClassOf: user if I left it
structural, but then when I created an object it just showed up with my new
objectclass type and not user. It also had none of the attributes of a user
object. I was able to get it to sort of work by making it an aux class, but
then I needed to include objectClass: user when I created an object. That
won't work since the calendar app does its create using just "top" and
"ctCalAdmin" for the objectclass. What I really need to be able to do is
create an objectclass that will create something that looks like a user so I
can set a password. Here is my last attempt - maybe you can see what I'm
missing. Thanks again for all your help!

dn: CN=ctCalAdmin8,CN=Schema,CN=Configuration,DC=X
changetype: ntdsschemaadd
objectclass: classSchema
MayContain: ctCalXItemId
MayContain: ctCalAccess
MayContain: ctCalAccessDomain
MayContain: ctCalAdmd
MayContain: ctCalFlags
MayContain: ctCalHost
MayContain: ctCalLanguageId
MayContain: ctCalNodeAlias
MayContain: ctCalOrgUnit2
MayContain: ctCalOrgUnit3
MayContain: ctCalOrgUnit4
MayContain: ctCalPasswordRequired
MayContain: ctCalPrmd
MayContain: ctCalServerVersion
MayContain: ctCalSysopCanWritePassword
MustContain: cn
MayContain: facsimileTelephoneNumber
MayContain: generationQualifier
MayContain: givenName
MayContain: initials
MayContain: mail
MayContain: ou
MayContain: postalAddress
MayContain: sn
MayContain: telephoneNumber
cn: ctCalAdmin8
rdnAttId: cn
governsID: 1.3.6.1.4.1.2672.3.118
subClassOf: user
possSuperiors: organization
possSuperiors: organizationalUnit
ObjectClassCategory: 1

Here is a test object:

dn:cn=09993:00009,ou=library,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
objectClass: top
objectClass: ctCalAdmin8
distinguishedName: cn=09993:00009,ou=library,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
name: 09993:00009
ctCalXItemId: 09993:00009
sn: SYSOP9
ctCalHost: Y1EFBB6RDI6UF5P


Re: Create Bindable Object in AD [message #156726 is a reply to message #156717] Wed, 24 June 2009 05:49
Lee Flight
Hi

edited inline below...

"Norm" <Norm@discussions.microsoft.com> wrote in message
news:08AC3A90-E6E8-40BC-8A1D-00622F3479CA@microsoft.com...

> dn: CN=ctCalAdmin8,CN=Schema,CN=Configuration,DC=X
> changetype: ntdsschemaadd
> objectclass: classSchema
> MayContain: ctCalXItemId
> MayContain: ctCalAccess
> MayContain: ctCalAccessDomain
> MayContain: ctCalAdmd
> MayContain: ctCalFlags
> MayContain: ctCalHost
> MayContain: ctCalLanguageId
> MayContain: ctCalNodeAlias
> MayContain: ctCalOrgUnit2
> MayContain: ctCalOrgUnit3
> MayContain: ctCalOrgUnit4
> MayContain: ctCalPasswordRequired
> MayContain: ctCalPrmd
> MayContain: ctCalServerVersion
> MayContain: ctCalSysopCanWritePassword

## remove this mustContain as it is already inherited for any subClass of user
> MustContain: cn

> MayContain: facsimileTelephoneNumber
> MayContain: generationQualifier
> MayContain: givenName
> MayContain: initials
> MayContain: mail
> MayContain: ou
> MayContain: postalAddress
> MayContain: sn
> MayContain: telephoneNumber
> cn: ctCalAdmin8

## rdnAttId should be ctCalXitemId not cn
> rdnAttId: cn


> governsID: 1.3.6.1.4.1.2672.3.118
> subClassOf: user
> possSuperiors: organization
> possSuperiors: organizationalUnit
> ObjectClassCategory: 1
>
> Here is a test object:
>

Given the above, a minimal test object would need something like:

dn:ctCalXItemId=09993:00009,ou=library,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
changetype: add
objectClass: ctCalAdmin8
cn: 09993:00009
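
Added example, not part of the thread or any poster's code: a Python pre-flight check that applies the two rules raised in the replies above (the RDN must use the rdnAttId of the entry's structural class, and cn is a mustContain inherited from Person) to LDIF text before it is imported. The built-in class table, the function names and the abridged sample LDIF are assumptions constructed for illustration; this is not a full model of AD schema validation.

```python
import re
# Simplified model of the built-in classes (assumption: only the fields used here).
BUILTIN = {
    "top": {"parent": None, "aux": False, "rdn": None, "must": set()},
    "person": {"parent": "top", "aux": False, "rdn": "cn", "must": {"cn"}},
    "organizationalperson": {"parent": "person", "aux": False, "rdn": None, "must": set()},
    "user": {"parent": "organizationalperson", "aux": False, "rdn": None, "must": set()},
}

def parse_ldif(text):
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue  # comment line or "-" separator
            if key.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if dn:
            records.append((dn, attrs))
    return records

def chain(classes, name):
    return [name] + chain(classes, classes[name]["parent"]) if name in classes else []

def lint_entry(classes, dn, attrs):
    listed = [c.lower() for c in attrs.get("objectclass", []) if c.lower() in classes]
    structural = [c for c in listed if not classes[c]["aux"] and c != "top"]
    if not structural:
        return ["no structural class listed"]
    main = max(structural, key=lambda c: len(chain(classes, c)))
    line = chain(classes, main)  # most derived class first
    # The RDN attribute comes from the structural class line, not from auxiliary classes.
    expected = next((classes[c]["rdn"] for c in line if classes[c]["rdn"]), "cn")
    used = dn.split("=", 1)[0].strip()
    problems = []
    if used.lower() != expected.lower():
        problems.append(f"NAMING_VIOLATION: RDN {used}, but {main} names by {expected}")
    aux = [c for c in listed if classes[c]["aux"]]
    must = set().union(*(classes[c]["must"] for c in line + aux))
    problems += [f"missing mustContain: {m}" for m in sorted(must - set(attrs) - {used.lower()})]
    return problems

def check(ldif_text):
    classes, entries = dict(BUILTIN), []
    for dn, a in parse_ldif(ldif_text):
        if "classschema" in (v.lower() for v in a.get("objectclass", [])):
            # Keyed by cn, assumed here to match the class's lDAPDisplayName.
            classes[a["cn"][0].lower()] = {
                "parent": a.get("subclassof", ["top"])[0].lower(),
                "aux": a.get("objectclasscategory", ["1"])[0] == "3",  # 3 = auxiliary
                "rdn": a.get("rdnattid", [None])[0],
                "must": {m.lower() for m in a.get("mustcontain", [])},
            }
        else:
            entries.append((dn, a))
    return {dn: lint_entry(classes, dn, a) for dn, a in entries}

# Constructed from the thread's posts, abridged to the lines the checks read.
FAILING = """\
dn: CN=ctCalAdminX5,CN=Schema,CN=Configuration,DC=X
objectclass: classSchema
#MustContain: ctCalXItemId
cn: ctCalAdminX5
rdnAttId: ctCalXItemId
ObjectClassCategory: 3

dn:ctCalXItemId=02075:00001,OU=DSSC,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
objectClass: top
objectclass: user
objectClass: ctCalAdminX5
ctCalXItemId: 02075:00001
"""
FIXED = """\
dn: CN=ctCalAdmin8,CN=Schema,CN=Configuration,DC=X
objectclass: classSchema
cn: ctCalAdmin8
rdnAttId: ctCalXItemId
subClassOf: user
ObjectClassCategory: 1

dn:ctCalXItemId=09993:00009,ou=library,ou=employees,ou=mcccd,dc=bigtop,dc=peewee
objectClass: ctCalAdmin8
cn: 09993:00009
"""
```

check(FAILING) reports the naming violation and the missing cn for the ctCalAdminX5 attempt, because the auxiliary class's rdnAttId is ignored and user names by cn; check(FIXED) returns no problems for the ctCalAdmin8 definition with the inline corrections applied.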