[Date Prev][Date Next] [Chronological] [Thread] [Top]

ObjectClass inheritance (Was: Slappadd is tolerant with wrong ldif files (openldap 2.2.19). Is it possible to make it strict ?)

To: Johan.GUIHENEUF@external.thalesgroup.com
Subject: ObjectClass inheritance (Was: Slappadd is tolerant with wrong ldif files (openldap 2.2.19). Is it possible to make it strict ?)
From: Pierangelo Masarati <ando@sys-net.it>
Date: Fri, 03 Mar 2006 10:54:44 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <66CE949D18BCB249ABE8D9AF48C4F1CE06C6C275@helios.clb.tcfr.thales>
References: <66CE949D18BCB249ABE8D9AF48C4F1CE06C6C275@helios.clb.tcfr.thales>

On Thu, 2006-03-02 at 13:57 +0100,
Johan.GUIHENEUF@external.thalesgroup.com wrote:
> Hello,
> 
> I populate my openldap directory using slapadd with a ldif file released by someone else. It appears that, in that ldif file, the inetorgperson objects do not have the objectclasses organizationalPerson, person and top. There is no error during slapadd. Slapd works fine, but some programs that access to my directory are stricter thant slapadd and fail for the following reason: as there is no objectclass: top line in the object, the program does not allow the object to have objectclass attribute.
> 
> The RFC 2256 says that an object representing a user must have at least two objectclass attributes and one of them must be top or alias. I understand that slapadd imports objects that do not conform to RFC 2256.
> 
> I searched on openldap.org if it is possible to configure slapadd to be more strict with the ldif file but I did not find anything about that problem.
> 
> The version of OpenLDAP I use is 2.2.19, on Windows XP.
> 
> Is there an option to make slapadd really strict with the imported ldif file ?

Your subject is incorrect; an entry of class inetOrgPerson does not need
to list all ancestors of that class (top, person, organizationalPerson)
because objectClass inheritance implies the whole superclass chain
(according to X.501, as stated in draft-ietf-ldapbis-models).  The fact
that other software (including earlier versions of OpenLDAP) do not
honor objectClass inheritance does not imply that OpenLDAP's slapd is
behaving incorrectly.  If for any reason you prefer to explicitly list
the whole chain for each entry, I suggest you manually (or
programmatically) modify the LDIF file before adding it to the database
via slapadd(8).

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- Slappadd is tolerant with wrong ldif files (openldap 2.2.19). Is it possible to make it strict ?
  - From: Johan.GUIHENEUF@external.thalesgroup.com

Prev by Date: Re: Branche on Sql-Backend
Next by Date: Re: overlay ppolicy not work
Index(es):
- Chronological
- Thread