
Re: schemacheck does not check unknown classes (ITS#431)



At 11:33 AM 1/27/00 GMT, soggie@starlab.net wrote:
>Full_Name: Ivo Clarysse
>Version: 1.2.7
>OS: RedHat Linux 6.0
>URL: 
>Submission from: (NULL) (212.8.177.25)
>
>
>Setting 'schemacheck on' does not prevent OpenLDAP from accepting entries with
>undefined ObjectClasses.

The fact that an entry lists an objectclass not known by the
server implies that the schema check itself cannot be completed.
In OpenLDAP 1.x, an entry with an unknown objectclass is treated
as being an extensible object, that is, all attribute types are
allowed.  This is primarily done to support replication between
servers where the slave may not have the same schema as the
master.  I agree that the behavior is somewhat odd and that
it should be addressed in 2.x.  For 1.x, I can offer a patch;
after applying it, you can configure using:
  env CPPFLAGS=-DSLAPD_UNDEFINED_OC_IS_NOT_EXTENSIBLE ./configure ....

to have undefined objectclasses not imply the object is
extensible.  The patch, however, does not disallow undefined
objectclass values.

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema.c.diff?r1=1.4.2.2.2.1&r2=1.4.2.2.2.2

As far as ITS#101 goes... submitter was asked if problem
was resolved by newer versions.  As the submitter did not
respond, the issue was assumed resolved and the matter
closed.  Thanks for pointing out that the issue is still
valid.

Kurt
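
The behaviour described in this message, as an added example that is not part of the original message and is not slapd's code: a simplified Python model of the allowed-attribute check with and without the extensible treatment of undefined objectclasses, plus an audit helper that lists entries carrying undefined classes. The schema, the entries and the names `check_entry` and `undefined_class_report` are constructed for illustration; required-attribute checks are left out.

```python
# Simplified model of the behaviour described above; this is not slapd code.
# SCHEMA and the entries are constructed sample data.
SCHEMA = {  # objectclass -> attribute types it requires or allows
    "top": {"objectclass"},
    "person": {"cn", "sn", "telephonenumber", "description"},
}

def check_entry(entry, undefined_oc_is_extensible=True, schema=SCHEMA):
    """Return (accepted, disallowed_attrs, undefined_classes) for one entry."""
    classes = [oc.lower() for oc in entry.get("objectclass", [])]
    undefined = sorted({oc for oc in classes if oc not in schema})
    if undefined and undefined_oc_is_extensible:
        # 1.x default: an unknown class makes every attribute type allowed
        return True, [], undefined
    # Patched build: unknown classes contribute no allowed attributes,
    # but their presence alone does not reject the entry.
    allowed = set()
    for oc in classes:
        allowed |= schema.get(oc, set())
    disallowed = sorted(a.lower() for a in entry if a.lower() not in allowed)
    return not disallowed, disallowed, undefined

def undefined_class_report(entries):
    """Audit helper: map DN -> undefined classes, for entries that have any."""
    report = {}
    for dn, entry in entries.items():
        undefined = check_entry(entry)[2]
        if undefined:
            report[dn] = undefined
    return report

ENTRIES = {  # constructed sample directory content
    "cn=a,dc=example,dc=com": {
        "objectclass": ["top", "person"], "cn": ["a"], "sn": ["A"],
        "loginShell": ["/bin/sh"]},
    "cn=b,dc=example,dc=com": {
        "objectclass": ["top", "person", "madeUpClass"], "cn": ["b"],
        "sn": ["B"], "loginShell": ["/bin/sh"]},
    "cn=c,dc=example,dc=com": {
        "objectclass": ["top", "person", "madeUpClass"], "cn": ["c"],
        "sn": ["C"]},
}

if __name__ == "__main__":
    for dn, entry in ENTRIES.items():
        print(dn, "default:", check_entry(entry),
              "patched:", check_entry(entry, undefined_oc_is_extensible=False))
    print("audit:", undefined_class_report(ENTRIES))
```

Entry `cn=c` is accepted in both modes, which is why an audit of undefined objectclass values is still needed on a build configured with the flag.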