
schemacheck does not check unknown classes (ITS#431)

Full_Name: Ivo Clarysse
Version: 1.2.7
OS: RedHat Linux 6.0
Submission from: (NULL) (

Setting 'schemacheck on' does not prevent OpenLDAP from accepting entries with
undefined ObjectClasses.

I.e. in the default 1.2.7 distribution there is no 'InetOrgPerson' objectclass,
nor a 'loginshell' attribute defined anywhere.

Yet, slapd does not complain when adding the following entry:

cn: uid=tu,ou=People,dc=starlab,dc=net
objectclass: top
objectclass: posixAccount
objectclass: account
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgperson
ou: People
o: Starlab NV/SA
uid: tu
cn: Test User
givenname: Test
sn: User
userpassword: {crypt}axbljkgkwss
uidnumber: 506
gidnumber: 506
gecos: Test User
homedirectory: /home/tu
loginshell: /bin/bash
mail: tu@starlab.net
c: BE
telephonenumber: +32-2-7400740
facsimiletelephonenumber: +32-2-7429654
street: Sint-Michielslaan 47
l: Etterbeek
postalcode: B-1040

(When for example 'cn' is omitted, slapd *does* complain, as objectclass
'person' is defined in slapd.oc.conf.)

My slapd.conf:

include		/etc/ldap/slapd.at.conf
include		/etc/ldap/slapd.oc.conf
pidfile		/var/run/slapd.pid
argsfile	/var/run/slapd.args
database	ldbm
directory	/var/ldap
suffix		"dc=starlab, dc=net"
rootdn		"cn=root, dc=starlab, dc=net"
rootpw		{CRYPT}*********
schemacheck	on
index           cn,sn,ou        pres,eq,approx
defaultaccess	read
access	to attr=userpassword
	by self write
	by * compare

(slapd.at.conf and slapd.oc.conf as per 1.2.7 distribution, unchanged)

This bug is also reported in ITS#101, where it is listed as Closed and believed
to be fixed in 1.2.4.  At least in 1.2.7, it's not fixed.
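
A pre-load check for the gap reported above, as an added example that is not part of the original message or of OpenLDAP: it flags objectclass values that have no definition, required attributes that are missing, and attributes that no defined class permits. The schema fragment and the entry are constructed, the requires/allows layout of slapd.oc.conf is assumed, and the names parse_oc_conf and check_entry are hypothetical.

```python
import re

# Constructed fragment in the OpenLDAP 1.x slapd.oc.conf style (assumed layout,
# not the distribution file) and an entry cut down from the one in the report.
SAMPLE_OC_CONF = """
objectclass top
    requires
        objectClass
objectclass person
    requires
        objectClass, sn, cn
    allows
        userPassword, telephoneNumber
"""
SAMPLE_ENTRY = """
objectclass: top
objectclass: person
objectclass: inetOrgperson
cn: Test User
sn: User
loginshell: /bin/bash
"""

def parse_oc_conf(text):
    """Map lowercased class name -> {"requires": set, "allows": set}."""
    classes, current, section = {}, None, None
    for line in map(str.strip, text.lower().splitlines()):
        m = re.match(r"objectclass\s+(\S+)$", line)
        if m:  # "objectclass NAME" opens a new definition
            current = classes.setdefault(m.group(1), {"requires": set(), "allows": set()})
            section = None
        elif line in ("requires", "allows"):
            section = line
        elif line and current is not None and section:
            current[section].update(a.strip() for a in line.split(",") if a.strip())
    return classes

def check_entry(ldif, classes):
    """Return (unknown classes, missing required attrs, attrs no known class permits)."""
    attrs = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip().lower())
    declared = attrs.get("objectclass", [])
    known = [classes[c] for c in declared if c in classes]
    required = set().union(*(k["requires"] for k in known))
    allowed = required.union(*(k["allows"] for k in known))
    unknown = sorted(c for c in declared if c not in classes)
    return unknown, sorted(required - set(attrs)), sorted(set(attrs) - allowed)
```

Names are compared case-insensitively, so 'inetOrgperson' and 'InetOrgPerson' are treated as the same class.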