
objectclass modifications



Hi all.

I'm a little worried about what will happen when we actually try to share data between LDAP servers.  The reason is, some deployments have modified well-known objectclasses (like "top" for example) to include additional optional attributes.  I can see this leading to schema violation errors when trying to import LDIF information.

X.501 (section 14.5) says:
"The definition of information objects such as object classes, attribute types, matching rules and name forms which have been registered (i.e. assigned a name of type object identifier) are static and cannot be modified. Changes to the semantics of such information objects requires the assignment of new object identifiers."

RFC2251 reflects this with somewhat looser language in 4.4:
"An objectclass definition should not be changed without having a new identifier assigned to it".

Some servers allow this to happen, some even include modifications to standardized objectclasses in their preconfigured schema.  They don't require the name nor the OID to change.

I see a couple of problems dealing with replication and data sharing.  A server which imports LDIF might look at object class oids when determining whether to add the objectclass to its schema.  If the oid exists in its schema, it will not add the objectclass.  This could cause schema violations.  Other servers may not allow objectclass modifications.

I really don't know how other servers import schema, nor how many allow objectclass modifications.  Does anyone else see this as a potential problem and/or want to talk about solutions?

Jim
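
The import problem described in the message above can be checked for before loading data. The following is an added example, not part of the original post and not any server's own code: it compares two sets of RFC 2252-style objectclass descriptions by OID and reports definitions that share an OID but differ in MUST/MAY attributes. The function names and the attribute exampleLocalAttr are constructed for illustration.

```python
import re

def parse_objectclass(desc):
    """Parse one ObjectClassDescription into (oid, name, must, may).
    Handles a single quoted NAME only, which is enough for this check."""
    body = desc.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("not a parenthesised description: %r" % desc)
    body = body[1:-1].strip()
    oid = body.split()[0]
    name = re.search(r"NAME\s+'([^']+)'", body)

    def attrs(keyword):
        # Either a '$'-separated list in parentheses or one bare attribute.
        m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|([\w.;-]+))", body)
        if not m:
            return frozenset()
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        # Attribute names are case-insensitive, so normalise before comparing.
        return frozenset(a.strip().lower() for a in raw.split("$") if a.strip())

    return oid, (name.group(1) if name else None), attrs("MUST"), attrs("MAY")

def schema_conflicts(local, incoming):
    """Return {oid: details} for OIDs present in both schemas whose
    MUST/MAY sets differ, i.e. a modified class that kept its OID."""
    local_by_oid = {p[0]: p for p in map(parse_objectclass, local)}
    conflicts = {}
    for desc in incoming:
        oid, name, must, may = parse_objectclass(desc)
        if oid not in local_by_oid:
            continue  # genuinely new class, no clash
        _, _, lmust, lmay = local_by_oid[oid]
        if (must, may) != (lmust, lmay):
            conflicts[oid] = {"name": name,
                              "extra_must": sorted(must - lmust),
                              "extra_may": sorted(may - lmay)}
    return conflicts

# Constructed sample data: the exporting server has added an optional
# attribute to "top" without assigning a new OID.
PERSON = ("( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) "
          "MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )")
LOCAL = ["( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )", PERSON]
INCOMING = ["( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass "
            "MAY ( exampleLocalAttr ) )", PERSON]

if __name__ == "__main__":
    print(schema_conflicts(LOCAL, INCOMING))
```

Any entry in the exported LDIF that uses an attribute listed under extra_may or extra_must would be rejected by a server that kept its own definition for that OID.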