Re: About superclasses and objectclass inheritance

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 09:37 AM 2002-08-27, M.-A. DARCHE wrote:
>Hello list,
>
>Please, could the ones who know tell me more about superclasses and
>objectclass inheritance mechanisms as they are implemented in OpenLDAP ?
>
>My concern is, why, despite objectclass organizationalPerson is the
>superclass of inetOrgPerson, if there are inetOrgPerson entries in an OpenLDAP
>server can't I get them with the following query :
>
>$ ldapsearch -h localhost -b 'dc=mysite,dc=net' \
>-x -D 'cn=Manager,dc=mysite,dc=net' -w secret \
>'(objectclass=organizationalPerson)'

Is test003 passing?  It contains a case for this functionality.

>RFC 2251 has also a very short paragraph about it :
>   Each entry MUST have an objectClass attribute.
>   ...
>   When creating an entry or adding an objectClass value to
>   an entry, all superclasses of the named classes are IMPLICITLY ADDED
>   AS WELL IF NOT ALREADY PRESENT, and the client must supply values for
>   any mandatory attributes of new superclasses.
>
>My understanding of the RFC is that when a client adds an entry to the
>LDAP server, the server should add all the superclasses as objectclass
>attributes to the given entry.

Well, that's one interpretation.  The other is that they are
simply implicit in the entry's objectClass specification.  This
interpretation, I believe, is more consistent with the rest of
the technical specification.

Anyways, whether superiors of listed classes are listed or not
doesn't impact object class assertions.  That is, asserting
(objectClass=person) should match an entry which only lists
inetOrgPerson.

>Some tests show that OpenLDAP 2.0.x and 2.1.x don't have that behavior,
>or at least I couldn't find it out. Is this behavior truly missing ?

Take a look at test003.

Of course, you could be suffering from some other problem...
such as corrupt indices.  If not using a current version of
OpenLDAP (2.0.25 or 2.1.4), you should consider upgrading.

Kurt