LDAP Object Classes
Each object in an LDAP directory has at least one object class associated with it. The object class determines the characteristics of this object, in particular the set of attributes which the object can have (and the ones it must have).
The object classes are defined in the LDAP directory schema, where they form a class hierarchy: there is one central top-level class (called 'top'), and all other classes are derived from it.
As a result, each object of a certain class normally also has all the parent classes of that class associated with it. You can see this if you look at the 'objectClass' attribute, which exists for all objects in all LDAP directories.
One of these object classes is the main class which defines the nature of the object; it is sometimes called the 'structural class'. Some directories store an attribute named structuralClass for each object. In other directory environments you can derive the main object class from the order in which the classes are stored in the multi-valued attribute objectClass. LEX tries to evaluate the main class for each object according to the current directory type. You can see the result in the object list column Object Type.
Class Types and Attributes
LEX can evaluate the Structural Class of each object, and the superior classes from which this class is derived. These superior classes are called Abstract Classes. Additionally, there can be Auxiliary Classes associated with an object.
All these classes together define a certain set of attributes for each object. LEX loads information about the directory schema; this is done in the first seconds of each LDAP connection to a new LDAP server. If the schema information could be evaluated correctly, LEX knows exactly the complete set of attributes for each type of object in this directory, including the characteristics of attributes: Is it mandatory, is it operational, is it indexed? ...and so on.
Object Classes in the Creation Process
If you create an LDAP directory object, you have to specify the structural (= the main) object class for this object. Based on this class, LEX shows you which attributes can be set and which have to be set in the creation process.
You will notice that LEX also associates several object classes with the object, according to the class hierarchy described in the paragraphs above. This can be done because LEX performed the internal directory schema evaluation at the beginning of the connection.
Please note that in Microsoft Active Directory environments there could be auxiliary classes associated with an object class without being listed in the objectClass attribute of the respective objects. Look for example at an AD user object: It has the object classes user, organizationalPerson, person and top. In fact an Active Directory user also has the auxiliary object class securityPrincipal. In Exchange environments, there could be the auxiliary class mailRecipient, along with several other mail-specific classes. You don't have to worry about these auxiliary classes during object creation; LEX knows them and shows you the correct set of attributes.
Adding an Object Class to an existing Object
In many LDAP directory environments, you can add auxiliary classes to an existing object. There could be normal inetOrgPerson objects in an OpenLDAP directory for example, which you want to 'expand' to posix users or samba users. Then you would have to add the object class sambaUser or posixUser to the respective objects.
Please be careful when you expand objects with new object classes. There might be intrinsic rules about the valid combinations of object classes in the directory, and an object might no longer be usable correctly after the object class expansion. It is very likely that it is difficult to remove an associated object class from an object, so don't do this if you do not know the consequences for the respective objects.
You can add object classes to existing objects by editing the objectClass attribute. Just select this attribute of the respective object in the attribute list in the LEX main window or in a standalone attribute window, and use the menu option Edit - Add Array Member, or just press the PLUS key on your keyboard, or use the Add button (Add attribute element to an array).
In this case, it's not the normal attribute editor which appears. Instead, the Add New Object Class to Object dialog is shown.
You can choose an object class from the drop-down list at the Objectclass text box. LEX knows which attributes this object class can have and shows you the appropriate list. Some object classes may have must-have attributes which you have to set in this dialog. Without these mandatory attributes you will probably get an error when you try to add the object class.
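The schema evaluation described under Class Types and Attributes and the mandatory-attribute check described above can be sketched as follows. This is an added example, not LEX's own code: the schema strings and the entry are constructed, and the RFC 2307 class posixAccount is assumed as the auxiliary class being added.

```python
import re

# Constructed sample data: objectClasses values in RFC 4512 syntax, abridged from the
# standard definitions, and one inetOrgPerson entry. Names are matched case-sensitively.
SCHEMA = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( mail $ uid ) )",
    "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY"
    " MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( loginShell $ gecos ) )",
]
ENTRY = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
         "cn": ["Jane Doe"], "sn": ["Doe"], "uid": ["jdoe"]}

def parse_class(defn):
    """Parse one definition into (name, {kind, sup, must, may}); single SUP only."""
    def attrs(key):
        m = re.search(rf"\b{key}\s+(?:\(([^)]*)\)|([\w-]+))", defn)
        return {a.strip() for a in (m.group(1) or m.group(2)).split("$")} if m else set()
    kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", defn)
    sup = re.search(r"\bSUP\s+([\w-]+)", defn)
    return re.search(r"NAME\s+'([^']+)'", defn).group(1), {
        "kind": kind.group(1) if kind else "STRUCTURAL",  # RFC 4512 default kind
        "sup": sup.group(1) if sup else None,
        "must": attrs("MUST"), "may": attrs("MAY")}

CLASSES = dict(parse_class(d) for d in SCHEMA)

def chain(name):
    """Return the class followed by all its superior classes up to top."""
    sup = CLASSES[name]["sup"]
    return [name] + (chain(sup) if sup else [])

def evaluate(object_classes):
    """Return (main structural class, mandatory attributes, optional attributes)."""
    effective = {c for oc in object_classes for c in chain(oc)}
    structural = [c for c in effective if CLASSES[c]["kind"] == "STRUCTURAL"]
    main = max(structural, key=lambda c: len(chain(c)))  # most derived structural class
    must = set().union(*(CLASSES[c]["must"] for c in effective))
    may = set().union(*(CLASSES[c]["may"] for c in effective)) - must
    return main, must, may

def missing_for_new_class(entry, new_class):
    """Mandatory attributes the entry lacks if new_class were added to objectClass."""
    _, must, _ = evaluate(entry["objectClass"] + [new_class])
    return sorted(must - set(entry))
```

Calling missing_for_new_class(ENTRY, "posixAccount") lists the values that would have to be supplied together with the new class; an add request without them is what a server would reject as an object class violation.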