[Date Prev][Date Next] [Chronological] [Thread] [Top]

Schema violations not caught (ITS#398)

Full_Name: Christopher DuPuis
Version: 1.2.7 and 1.2.8
OS: Solaris 2.6 (both x86 and Sparc)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

It is possible to add badly formed entries using either ldif2ldbm or ldapadd,
regardless of whether or not "schemacheck" is set to "on" or "off".

In slapd.conf, I changed schemacheck to "on", changed the suffix to "dc=syntax,
and changed rootDN to "cn=manager, dc=syntax, dc=com".

Then, I used ldif2ldbm to load the following LDIF into the directory:

dn: dc=syntax, dc=com
dc: syntax
objectclass: top
objectclass: domain

dn: cn=blargfoo, dc=syntax, dc=com
objectclass: bogusObjectClass
cn: blargfoo
qux: 12345

The second entry should cause an error, since I am using only the default oc and
at files. 
However, this succeeded. ldapsearch shows that both objects are in the
I can also add "cn=blargfoo, dc=syntax, dc=com", as above, to a running
directory using ldapadd.