
Re: slapd permits unknown object classes with "schemacheck on"

I thought about this for a bit and concluded that the objectClass attribute
itself must be exempt from schema checks (I've noticed the same behavior
lately while playing with Samba TNG).  Thus you're free to invent on the fly
as many zero-attribute objectclasses as you want.  The most obvious
application of this is as a boolean data-type.  Are there any reasons why
this might be a bad idea?

Are deeper mysteries afoot?


Thomas J Pinkl wrote:

> While playing with the MigrationTools from padl.com, I noticed that
> slapd in OpenLDAP 1.2.11 allows you to add entries of unknown objectClass
> when "schemacheck on" is specified in slapd.conf.
> For example, it allows the addition of this entry:
>     dn: cn=MAILER-DAEMON,ou=aliases,dc=domain,dc=com
>     rfc822MailMember: root
>     objectClass: top
>     objectClass: nisMailAlias
> even though "nisMailAlias" is not defined as an object class in any of
> the schema configuration files.
> Is this the expected behavior?
> --
> Thomas J. Pinkl                         738 Louis Drive
> Unix Systems Programmer                 Warminster, Pa 18974
> Health Business Systems, Inc.           (215) 442-9300 x9260

  Charles N. Owens                               Email: owensc@enc.edu
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx
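Since the thread reports that slapd accepts entries whose objectClass is not declared anywhere, one way to catch them before loading is to lint the LDIF against the declared class names. The following is an added example, not code from the thread or from OpenLDAP; the function names are hypothetical, the schema text assumes the OpenLDAP 1.x slapd.oc.conf declaration style, and both samples are constructed.

```python
import base64
import re

# Constructed sample; declarations in the OpenLDAP 1.x slapd.oc.conf style (assumed).
SAMPLE_SCHEMA = """\
objectclass top
    requires
        objectClass
objectclass posixAccount
"""

# Constructed sample LDIF; the first entry is the one quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=MAILER-DAEMON,ou=aliases,dc=domain,dc=com
rfc822MailMember: root
objectClass: top
objectClass: nisMailAlias

dn: uid=jdoe,ou=people,dc=domain,dc=com
objectclass:: cG9zaXhBY2NvdW50
objectClass: to
 p
"""

def defined_classes(schema_text):
    """Lower-cased names from 'objectclass <name>' declaration lines."""
    return {m.group(1).lower() for m in re.finditer(r"(?im)^objectclass[ \t]+(\S+)", schema_text)}

def parse_ldif(text):
    """Yield (dn, [objectClass values]); handles folded and base64 values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # continuation lines start with one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        found = {"dn": [], "objectclass": []}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if attr.lower() not in found:  # other attributes are not needed here
                continue
            value = rest.lstrip(":").strip()
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value).decode("utf-8")
            found[attr.lower()].append(value)
        yield next(iter(found["dn"]), None), found["objectclass"]

def undefined_classes(ldif_text, schema_text):
    """(dn, objectClass) pairs whose class is not declared in the schema."""
    known = defined_classes(schema_text)
    return [(dn, oc) for dn, classes in parse_ldif(ldif_text)
            for oc in classes if oc.lower() not in known]
```

Object class names are compared case-insensitively, so `objectclass` and `objectClass` spellings in either file are treated alike.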