
Re: Schema & Structural objectclass in 2.1.X (Re: setting up LDAP question)

Pierangelo Masarati wrote:
> > What astonishes me is that even schemas that come with openldap 2.1.8
> > don't seem to respect those specifications, eg I get problems with
> > posixAccount objectclass and kerberosSecurityObject!.
> schema files that come with OpenLDAP 2.1.8 are defined in
> standard track documents; it is not OpenLDAP responsibility
> if their design is flawed, or if you use them in an
> inappropriate manner.  You cannot use two structural
> objectclasses in the same entry; this is stated by the
> LDAP protocol, so if your needs cannot be satisfied by
> the protocol you may consider using another one instead
> of complaining about FREE software.

I am not complaining about FREE software! I really appreciate using it,
don't misunderstand what I am asking here. I am just seeking a document
which would explain to me why my ldap database isn't suitable for openldap
2.1.X. If openldap used to accept things that are now unacceptable due to
respect of the RFCs, it would be great to get advice when you are
a novice to these problems.

From what I read and what you told me, I concluded that "I cannot use
two structural objectclasses in the same entry" except if these
objectclasses are in the same family of inheritance, right?
Example: are these 3 objectclass declarations in an entry acceptable?

objectclass ( NAME 'person'
        SUP top STRUCTURAL

objectclass ( NAME 'organizationalPerson'
        SUP person STRUCTURAL

objectclass     ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL

Actually, in the long list of my entries' objectclasses, only
kerberosSecurityObject seemed to cause the problem:

objectclass ( NAME 'kerberosSecurityObject' SUP
        DESC 'A uid with an associated Kerberos principal'
        MUST ( krbName ) )

with the krbName attribute that used to be in core.schema; changing it to
AUXILIARY resolved it :-)
As it is stored in /etc/openldap/schema/redhat/kerberosobject.schema, I
suspect that it has been added in the RedHat openldap RPMS!? and that the
RedHat RPMS should be patched or changed to take care of this.

By the way, are there source RPMS (SRPMS) of 2.1.X openldap somewhere ? 


> > Do I have to rewrite all the objectclass definitions ? or change all my
> > entries objectclass ?
> You do not have to redesign any objectclass; you have to use
> them in the appropriate manner
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it

Jehan Procaccia
Institut National des Telecommunications| Email:
MCI, Moyens Communs Informatiques	| Tel  : +33 (0) 160764436 
9 rue Charles Fourier 91011 Evry France | Fax  : +33 (0) 160764321
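
The single-structural-chain rule discussed in this message, as an added example that is not part of the original post or of OpenLDAP. The class table is constructed from the definitions quoted above; the function names are hypothetical, and the superior of kerberosSecurityObject is elided in the message, so 'top' is assumed here.

```python
# Constructed class table: name -> (superior, kind).
SCHEMA = {
    "top": (None, "ABSTRACT"),
    "person": ("top", "STRUCTURAL"),
    "organizationalPerson": ("person", "STRUCTURAL"),
    "inetOrgPerson": ("organizationalPerson", "STRUCTURAL"),
    # The quoted definition has no kind keyword; RFC 2252 then defaults
    # to STRUCTURAL. SUP is elided in the message; 'top' is an assumption.
    "kerberosSecurityObject": ("top", "STRUCTURAL"),
}


def superiors(name, schema):
    """Return the class followed by all of its ancestors via SUP links."""
    chain = []
    while name is not None:
        chain.append(name)
        name = schema[name][0]
    return chain


def structural_conflicts(entry_classes, schema):
    """Return (leaf, offender) pairs for structural classes that are not
    on the SUP chain of the entry's most derived structural class."""
    structural = [c for c in entry_classes if schema[c][1] == "STRUCTURAL"]
    if not structural:
        return []
    # The most derived class has the longest ancestor chain.
    leaf = max(structural, key=lambda c: len(superiors(c, schema)))
    chain = set(superiors(leaf, schema))
    return [(leaf, c) for c in structural if c not in chain]


def with_kind(schema, name, kind):
    """Copy of the schema with one class redeclared, e.g. as AUXILIARY."""
    fixed = dict(schema)
    fixed[name] = (schema[name][0], kind)
    return fixed


if __name__ == "__main__":
    entry = ["top", "person", "organizationalPerson", "inetOrgPerson",
             "kerberosSecurityObject"]
    print(structural_conflicts(entry, SCHEMA))
    aux = with_kind(SCHEMA, "kerberosSecurityObject", "AUXILIARY")
    print(structural_conflicts(entry, aux))
```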