53a0fa9 LDAPCreate: allow callers to override objectclasses

Authored and Committed by abbra 4 years ago
    LDAPCreate: allow callers to override objectclasses
    
    LDAPCreate class explicitly allows use of --setattr/--addattr options to
    pass-in additional configuration or override some of the framework
    decisions. However, changes to objectclasses are ignored.
    
    We have a number of plugins where additional attributes and their values
    are generated at creation time. For example, ipa-sidgen plugin generates
    ipaNTSecurityIdentifier value on LDAP ADD operation when objectclasses
    include a specific object class and some other attributes (uidNumber,
    gidNumber) do present in the LDAP mods.
    
    Allow to override object-specific LDAP objectclasses by the
    --setattr/--addattr option values.
    
    Related: https://pagure.io/freeipa/issue/7953
    Reviewed-By: Christian Heimes <cheimes@redhat.com>