Sorry! I confused RDN with subentry. The freeipa permit only RDN
types uid, cn, ou, and soon. I want insert the leftmost RDN "affiliation" in a
DN, with the value '1'. I adjusted my ldif again with RDN
"affiliation" to start with the lower letter.
dn: affiliation=1,uid=john,cn=users,cn=accounts,dc=example,dc=com
changetype: add
affiliation: 1
affiliationType: employee
objectClass: CustomPerson
objectClass: top
I'm developing a web self-register to my users using the Python FreeiPA API
(
https://python-freeipa.readthedocs.io/en/latest/).
Is there a reason you aren't simply adding the objectclass and attribute
directly to the entry? Why does it need to be part of the dn?
rob