[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: object class values in a read or search result

To: "Keutel, Jochen (mlists)" <mlists@keutel.de>
Subject: Re: object class values in a read or search result
From: Manuel Gaupp <mgaupp@googlemail.com>
Date: Fri, 22 Mar 2013 19:08:38 +0100
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=x-received:content-type:mime-version:subject:from:in-reply-to:date :cc:content-transfer-encoding:message-id:references:to:x-mailer; bh=OhV5nWrwhAR+mARstinBEgpPMJV8IbK1JJMrcKXeVhs=; b=IZ63+mbY28gP3sHWFq9DGz80pEB8UN8DJqKwP7bN2pBukOnUOl0W7YIsI49KDcZEGk iE7DRS/8E9NPJz77mFpoz0JJBT8mSr1fonhvbWLw/b4q1Mdm8SzvNP/iJ3hbUCX6U1bF OAucKmQMvWr/2yY3BXbGW3xDXOr2sipcD5GyRuGt1ZD6IGRl8H10rbqnLwKcZNG+ORQm Y/Wzt/0m33DugFl3i0cFOdo3IeJ8spvP/AgImHB6DCZan63pPBKozZmoqU/N6IaOqe89 pFQQ9IJ9KGj/VHAqRm63svHNSi+2BJPGnVyMKVTXqyTEkRa6iU66EBtTuOpDT24iO2LS Ft2w==
In-reply-to: <514C5756.9090101@keutel.de>
References: <514BED3C.7080404@gmail.com> <CAHieY7T2-TLEKYv7LLXm=oms--cfa5Lt-qnb=bbUQQ7S_pWqbQ@mail.gmail.com> <514C5756.9090101@keutel.de>

Am 22.03.2013 um 14:06 schrieb "Keutel, Jochen (mlists)" <mlists@keutel.de>:

> Hello,
>  if I add an entry like this:
> 
> dn: cn=jk,dc=test
> objectClass: inetOrgPerson
> cn: jk
> sn: jk
> 
> This works fine. Esp. the superclasses seem to be added "on the fly": Searching this entry with filter "objectClass=person" works fine.
> 
> However - when I read this entry I'd expect that all objectClasses are given back. So I expected:
> 
> dn: cn=jk,dc=test
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: jk
> sn: jk
> 
> But I only got:
> 
> dn: cn=jk,dc=test
> objectClass: inetOrgPerson
> cn: jk
> sn: jk
> 
> I don't think that this is correct: Reading an entry should return ALL values of attribute objectClass - not only the value given when adding this entry.
> 
> Note: When I provide inetOrgPerson AND organizationalPerson while adding the entry also only these two values are given back when reading.
> 
> What do other think: Is the OpenLDAP behaviour correct?

I don't think so, because RFC 4512, section 3.3 says:

  "When creating an entry or adding an 'objectClass' value to an entry,
   all superclasses of the named classes SHALL be implicitly added as
   well if not already present. [...]"

If I'm interpreting this correctly, the OpenLDAP behaviour is a bug.

Best regards,
Manuel

Follow-Ups:
- Re: object class values in a read or search result
  - From: Michael Ströder <michael@stroeder.com>

References:
- openldap and AD sync
  - From: 杨峰 <hoking.yang@gmail.com>
- Re: openldap and AD sync
  - From: Alejandro Imass <aimass@yabarana.com>
- object class values in a read or search result
  - From: "Keutel, Jochen (mlists)" <mlists@keutel.de>

Prev by Date: Re: Re[4]: Synchronization of OpenLDAP with other application
Next by Date: Re: object class values in a read or search result
Index(es):
- Chronological
- Thread