Re: Quick Start Guide

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

Simon Murcott wrote:
>    Simon Murcott wrote:
>    > Under the "Add initials items..." section you have an object with two
>    > "objectClass"es in it. When using multiple "objectClass" attributes one should
>    > first add "objectClass: top".
> 
>    Actually, I disagree.  When adding an entry you should specify one structural
>    object class and any number of auxilary object classes.  You should avoid
>    listing abstract object classes such as top.  The server will do The Right Thing (tm).
> 
>    With LDAPv2 (such as OpenLDAP 1.x), the server can just accept the input after
>    doing it's schema checks.  Servers may or may not add unlisted superior object
>    classes to the entry.  (OpenLDAP 1.2 implements "not").
> 
>    With LDAPv3, the server is required to add all unlisted superior object classes
>    of the named object classes upon add/modify of the entry.  This behavior is
>    specified in RFC 2251, 3.2.1.   This behavior is being implemented in -devel
>    for release with OpenLDAP 2.0.
> 
> So are you trying to say that under LDAPv2 one does not need "objectClass: top"
> but under LDAPv3 one does?

No, both LDAPv2 and LDAPv3 need the concept of "top" as it important part of the
LDAP (X.500) information model.

However, LDAPv2 does not require "top" be explicitly listed as one of the
values of the objectclass attribute type of any entry.  As it not required
to be listed by the server, it's commonly not stored by the server unless
explicitly listed by the client.  Searching most LDAPv2 servers for "(objectclass=top)"
will likely only match entries to which the "top" has been explicitly listed by clients.
"(objectclass=*)" should be used instead.

Kurt