diff --git a/changelogs/fragments/7019-ipa_config-user-and-group-objectclasses.yml b/changelogs/fragments/7019-ipa_config-user-and-group-objectclasses.yml
new file mode 100644
index 0000000000..d9a2a2673f
--- /dev/null
+++ b/changelogs/fragments/7019-ipa_config-user-and-group-objectclasses.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - ipa_config - add module parameters to manage FreeIPA user and group objectclasses (https://github.com/ansible-collections/community.general/pull/7019).
diff --git a/plugins/modules/ipa_config.py b/plugins/modules/ipa_config.py
index 4b2b438558..f63fbc2107 100644
--- a/plugins/modules/ipa_config.py
+++ b/plugins/modules/ipa_config.py
@@ -40,6 +40,12 @@ options:
     aliases: ["primarygroup"]
     type: str
     version_added: '2.5.0'
+  ipagroupobjectclasses:
+    description: A list of group objectclasses.
+    aliases: ["groupobjectclasses"]
+    type: list
+    elements: str
+    version_added: '7.3.0'
   ipagroupsearchfields:
     description: A list of fields to search in when searching for groups.
     aliases: ["groupsearchfields"]
@@ -93,6 +99,12 @@ options:
     type: list
     elements: str
     version_added: '2.5.0'
+  ipauserobjectclasses:
+    description: A list of user objectclasses.
+    aliases: ["userobjectclasses"]
+    type: list
+    elements: str
+    version_added: '7.3.0'
   ipausersearchfields:
     description: A list of fields to search in when searching for users.
     aliases: ["usersearchfields"]
@@ -237,11 +249,12 @@ class ConfigIPAClient(IPAClient):
 
 def get_config_dict(ipaconfigstring=None, ipadefaultloginshell=None,
                     ipadefaultemaildomain=None, ipadefaultprimarygroup=None,
-                    ipagroupsearchfields=None, ipahomesrootdir=None,
-                    ipakrbauthzdata=None, ipamaxusernamelength=None,
-                    ipapwdexpadvnotify=None, ipasearchrecordslimit=None,
-                    ipasearchtimelimit=None, ipaselinuxusermaporder=None,
-                    ipauserauthtype=None, ipausersearchfields=None):
+                    ipagroupsearchfields=None, ipagroupobjectclasses=None,
+                    ipahomesrootdir=None, ipakrbauthzdata=None,
+                    ipamaxusernamelength=None, ipapwdexpadvnotify=None,
+                    ipasearchrecordslimit=None, ipasearchtimelimit=None,
+                    ipaselinuxusermaporder=None, ipauserauthtype=None,
+                    ipausersearchfields=None, ipauserobjectclasses=None):
     config = {}
     if ipaconfigstring is not None:
         config['ipaconfigstring'] = ipaconfigstring
@@ -251,6 +264,8 @@ def get_config_dict(ipaconfigstring=None, ipadefaultloginshell=None,
         config['ipadefaultemaildomain'] = ipadefaultemaildomain
     if ipadefaultprimarygroup is not None:
         config['ipadefaultprimarygroup'] = ipadefaultprimarygroup
+    if ipagroupobjectclasses is not None:
+        config['ipagroupobjectclasses'] = ipagroupobjectclasses
     if ipagroupsearchfields is not None:
         config['ipagroupsearchfields'] = ','.join(ipagroupsearchfields)
     if ipahomesrootdir is not None:
@@ -269,6 +284,8 @@ def get_config_dict(ipaconfigstring=None, ipadefaultloginshell=None,
         config['ipaselinuxusermaporder'] = '$'.join(ipaselinuxusermaporder)
     if ipauserauthtype is not None:
         config['ipauserauthtype'] = ipauserauthtype
+    if ipauserobjectclasses is not None:
+        config['ipauserobjectclasses'] = ipauserobjectclasses
     if ipausersearchfields is not None:
         config['ipausersearchfields'] = ','.join(ipausersearchfields)
 
@@ -285,6 +302,7 @@ def ensure(module, client):
         ipadefaultloginshell=module.params.get('ipadefaultloginshell'),
         ipadefaultemaildomain=module.params.get('ipadefaultemaildomain'),
         ipadefaultprimarygroup=module.params.get('ipadefaultprimarygroup'),
+        ipagroupobjectclasses=module.params.get('ipagroupobjectclasses'),
         ipagroupsearchfields=module.params.get('ipagroupsearchfields'),
         ipahomesrootdir=module.params.get('ipahomesrootdir'),
         ipakrbauthzdata=module.params.get('ipakrbauthzdata'),
@@ -295,6 +313,7 @@ def ensure(module, client):
         ipaselinuxusermaporder=module.params.get('ipaselinuxusermaporder'),
         ipauserauthtype=module.params.get('ipauserauthtype'),
         ipausersearchfields=module.params.get('ipausersearchfields'),
+        ipauserobjectclasses=module.params.get('ipauserobjectclasses'),
     )
     ipa_config = client.config_show()
     diff = get_config_diff(client, ipa_config, module_config)
@@ -324,6 +343,8 @@ def main():
         ipadefaultloginshell=dict(type='str', aliases=['loginshell']),
         ipadefaultemaildomain=dict(type='str', aliases=['emaildomain']),
         ipadefaultprimarygroup=dict(type='str', aliases=['primarygroup']),
+        ipagroupobjectclasses=dict(type='list', elements='str',
+                                   aliases=['groupobjectclasses']),
         ipagroupsearchfields=dict(type='list', elements='str',
                                   aliases=['groupsearchfields']),
         ipahomesrootdir=dict(type='str', aliases=['homesrootdir']),
@@ -342,6 +363,8 @@ def main():
                                       "hardened", "idp", "disabled"]),
         ipausersearchfields=dict(type='list', elements='str',
                                  aliases=['usersearchfields']),
+        ipauserobjectclasses=dict(type='list', elements='str',
+                                  aliases=['userobjectclasses']),
     )
 
     module = AnsibleModule(