[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd permits unknown object classes with "schemacheck on"
I thought about this for a bit and concluded that the objectClass attribute
itself must be exempt from schema checks (I've noticed the same behavior
lately while playing with Samba TNG). Thus you're free to invent on the fly
as many zero-attribribute objectclasses as you want. The most obvious
application of this is as a boolean data-type. Are there any reasons why
this might be a bad idea?
Are deeper mysteries afoot?
cno
Thomas J Pinkl wrote:
> While playing with the MigrationTools from padl.com, I noticed that
> slapd in OpenLDAP 1.2.11 allows you to add entries of unknown objectClass
> when "schemacheck on" is specified in slapd.conf.
>
> For example, it allows the addition of this entry:
>
> dn: cn=MAILER-DAEMON,ou=aliases,dc=domain,dc=com
> cn: MAILER-DAEMON
> rfc822MailMember: root
> objectClass: top
> objectClass: nisMailAlias
>
> even though "nisMailAlias" is not defined as an object class in any of
> the schema configuration files.
>
> Is this the expected behavior?
>
> --
> Thomas J. Pinkl 738 Louis Drive
> Unix Systems Programmer Warminster, Pa 18974
> Health Business Systems, Inc. (215) 442-9300 x9260
--
-------------------------------------------------------------------------
Charles N. Owens Email: owensc@enc.edu
http://www.enc.edu/~owensc
Network & Systems Administrator
Information Technology Services "Outside of a dog, a book is a man's
Eastern Nazarene College best friend. Inside of a dog it's
too dark to read." - Groucho Marx
-------------------------------------------------------------------------