
About superclasses and objectclass inheritance

Hello list,

Please, could the ones who know tell me more about superclasses and
objectclass inheritance mechanisms as they are implemented in OpenLDAP?

My concern is why, although objectclass organizationalPerson is the
superclass of inetOrgPerson, if there are inetOrgPerson entries in an OpenLDAP
server, I can't get them with the following query:

$ ldapsearch -h localhost -b 'dc=mysite,dc=net' \
-x -D 'cn=Manager,dc=mysite,dc=net' -w secret \

I've already looked for messages in the list archive on the subject, but
only found 2 messages dating from April and May 1999 that don't help me
that much:
 * Re: changing default: schemacheck on 
 * Re: help: understanding objectclasses and schemas

RFC 2251 also has a very short paragraph about it:
   Each entry MUST have an objectClass attribute.
   When creating an entry or adding an objectClass value to
   an entry, all superclasses of the named classes are IMPLICITLY ADDED
   AS WELL IF NOT ALREADY PRESENT, and the client must supply values for
   any mandatory attributes of new superclasses.

My understanding of the RFC is that when a client adds an entry to the
LDAP server, the server should add all the superclasses as objectclass
attributes to the given entry.

Some tests show that OpenLDAP 2.0.x and 2.1.x don't have that behavior,
or at least I couldn't find it. Is this behavior truly missing?

Would it be possible/desirable to have a configuration to have such a
mechanism?

How do you people bypass this inheritance limitation when doing your
queries?


Marc-Aurèle DARCHE  <http://www.cynode.org>
AFUL <http://www.aful.org>
Association Francophone des Utilisateurs de Linux/Logiciels Libres
French speaking Linux and Libre Software Users' Association
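
The superclass rule quoted from RFC 2251 above, worked through as an added example that is not part of the original post: it computes the objectClass values implied by a supplied class, and builds a search filter naming a class together with its subclasses, so a match does not depend on superclass values being stored in the entry. The schema table is a constructed excerpt of the standard person/inetOrgPerson hierarchy, and the function names are illustrative.

```python
# Constructed schema excerpt: objectClass -> its superclass (SUP).
# Assumption: only these classes matter for the example.
SUP = {
    "top": None,
    "person": "top",
    "organizationalPerson": "person",
    "inetOrgPerson": "organizationalPerson",
    "residentialPerson": "person",
}


def _canon(name):
    """Object class names are case-insensitive; map to the schema spelling.

    Rejecting unknown names also means no caller-supplied text ever reaches
    the filter string unescaped.
    """
    for known in SUP:
        if known.lower() == name.lower():
            return known
    raise KeyError(f"unknown objectClass: {name}")


def expand_superclasses(values):
    """Supplied classes plus every superclass they imply, without duplicates."""
    out = []
    for value in values:
        cls = _canon(value)
        while cls is not None:
            if cls not in out:
                out.append(cls)
            cls = SUP[cls]
    return out


def subclasses_of(name):
    """The class itself and every class in the table that descends from it."""
    target = _canon(name)
    return [c for c in SUP if target in expand_superclasses([c])]


def filter_for(name):
    """Filter matching entries that list the class or any of its subclasses."""
    classes = subclasses_of(name)
    if len(classes) == 1:
        return f"(objectClass={classes[0]})"
    return "(|" + "".join(f"(objectClass={c})" for c in classes) + ")"


if __name__ == "__main__":
    print(expand_superclasses(["inetOrgPerson"]))
    print(filter_for("organizationalPerson"))
```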