I have an ADAM schema where I have created some classes derived and subclassed from for example user and msDS-AzRole.

When I populate the tree with entries I have no problem doing this with ldif files and ldifde.exe. But I see that some attributes which I did not populate in my scripts are still being populated, I assume these are populated "under the cover" by ldifde. For example - instanceType, objectCategory, objectClass (modified, now the full class hierarchy is manifested in the objectClass attribute) and objectSID. objectSID seems to have a binary content.

Now - I want to populate and modify my ADAM tree from my program (in this case from Java using Netscape SDK or plain vanilla JNDI). How do I handle these mandatory attributes that seems to have specific content which I cannot control, like objectSID ?

TIA

Johan

Well, there are some internal attributes that are stamped for you by the
directory service (not by ldifde!). These include objectGuid, instanceType,
whenChanged, whenCreated, and a bunch of others. ObjectSID is stamped on
security principals. This is done automatically, and you can not control
this.

Other attributes are half-automatic. For example, objectClass. It is patched
for you to include superclasses of the structural object class.
ObjectCategory can be specified on add. If you did not specify it, then it
is stamped as the defaultObjectCategory of the object class.

So, answering your question: ldifde does not do any "magic". It basically
imports the data as it is laid out in the ldf file. Your app can do exactly
the same, and the server will stamp internal attributes for you.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Johan" <anonymous@discussions.microsoft.com> wrote in message
news:F00A937A-CE62-4D9E-8894-51D1E3D91844@microsoft.com...
populate in my scripts are still being populated, I assume these are
populated "under the cover" by ldifde. For example - instanceType,
objectCategory, objectClass (modified, now the full class hierarchy is
manifested in the objectClass attribute) and objectSID. objectSID seems to
have a binary content.
these mandatory attributes that seems to have specific content which I
cannot control, like objectSID ?

Thanks. But does this mean in the case of objectSID that this attribute is automatically created and I don't have to provide it when I create the entry from Java using Netscape SDK or JNDI ?

Johan

Yes, the SID is automatically created for users and groups.

One exception is bind proxy objects -- you have to supply an objectSID value
pointing to an existing Windows user when you create bind proxies.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Johan" <anonymous@discussions.microsoft.com> wrote in message
news:C1791EAB-55F3-455F-8F80-5E9D4FD6FFE6@microsoft.com...
from Java using Netscape SDK or JNDI ?