schemacheck does not check unknown classes (ITS#431)
Full_Name: Ivo Clarysse
Version: 1.2.7
OS: RedHat Linux 6.0
URL:
Submission from: (NULL) (212.8.177.25)
Setting 'schemacheck on' does not prevent OpenLDAP from accepting entries with
undefined ObjectClasses.
I.e., in the default 1.2.7 distribution there is no 'InetOrgPerson' objectclass,
nor a 'loginshell' attribute defined anywhere.
Yet, slapd does not complain when adding the following entry:
cn: uid=tu,ou=People,dc=starlab,dc=net
objectclass: top
objectclass: posixAccount
objectclass: account
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgperson
ou: People
o: Starlab NV/SA
uid: tu
cn: Test User
givenname: Test
sn: User
userpassword: {crypt}axbljkgkwss
uidnumber: 506
gidnumber: 506
gecos: Test User
homedirectory: /home/tu
loginshell: /bin/bash
mail: tu@starlab.net
c: BE
telephonenumber: +32-2-7400740
facsimiletelephonenumber: +32-2-7429654
street: Sint-Michielslaan 47
l: Etterbeek
postalcode: B-1040
(When for example 'cn' is omitted, slapd *does* complain, as objectclass
'person' is defined in slapd.oc.conf.)
My slapd.conf:
include /etc/ldap/slapd.at.conf
include /etc/ldap/slapd.oc.conf
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database ldbm
directory /var/ldap
suffix "dc=starlab, dc=net"
rootdn "cn=root, dc=starlab, dc=net"
rootpw {CRYPT}*********
schemacheck on
index cn,sn,ou pres,eq,approx
defaultaccess read
access to attr=userpassword
        by self write
        by * compare
(slapd.at.conf and slapd.oc.conf as per 1.2.7 distribution, unchanged)
This bug is also reported in ITS#101, where it is listed as Closed and believed
to be fixed in 1.2.4. At least in 1.2.7, it's not fixed.
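
Added example, not part of the original report and not OpenLDAP code: a stand-alone pre-load audit that flags the two conditions the report says slapd let through, object classes with no definition and attributes that no defined class permits. The `objectclass NAME` / `requires` / `allows` layout of `slapd.oc.conf` is assumed here, and both the schema fragment and the shortened entry are constructed samples.

```python
import re

# Constructed sample in the 1.2-era slapd.oc.conf layout (format assumed here).
SAMPLE_OC_CONF = """\
objectclass top
    requires
        objectClass

objectclass person
    requires
        objectClass,
        sn,
        cn
    allows
        description,
        userPassword
"""

# Constructed entry, shortened from the one in the report.
SAMPLE_ENTRY = """\
dn: uid=tu,ou=People,dc=starlab,dc=net
objectclass: top
objectclass: person
objectclass: inetOrgperson
cn: Test User
sn: User
loginshell: /bin/bash
"""

def parse_oc_conf(text):
    """Return {class: set of required and allowed attributes}, all lower-cased."""
    classes, current = {}, None
    for line in text.splitlines():
        tokens = re.findall(r"[^\s,]+", line.split("#", 1)[0].lower())
        # A class header is "objectclass NAME" with no comma on the line.
        if tokens[:1] == ["objectclass"] and len(tokens) == 2 and "," not in line:
            current = classes.setdefault(tokens[1], set())
        elif current is not None:
            # "requires"/"allows" are section keywords; the rest are attributes.
            current.update(t for t in tokens if t not in ("requires", "allows"))
    return classes

def audit_entry(ldif, classes):
    """Return (undefined object classes, attributes no defined class permits)."""
    pairs = [l.partition(":") for l in ldif.splitlines() if ":" in l]
    attrs = [(n.strip().lower(), v.strip().lower()) for n, _, v in pairs]
    declared = [v for n, v in attrs if n == "objectclass"]
    permitted = set().union(*(classes.get(c, set()) for c in declared))
    unknown_classes = sorted(c for c in declared if c not in classes)
    unknown_attrs = sorted({n for n, _ in attrs if n != "dn" and n not in permitted})
    return unknown_classes, unknown_attrs
```

Names are compared case-insensitively, so `inetOrgperson` and `InetOrgPerson` are treated as the same class.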