benoitde@sympatico.ca wrote:
I tried to load a slapcat dump from OpenLDAP 2.3.27 into OpenLDAP 2.4.8, and had problems with java entries. I narrowed down the problem with this simple test case:
LDIF: dn: cn=REQ,dc=example,dc=com javaClassName: Toto objectClass: javaContainer objectClass: javaObject objectClass: javaNamingReference javaFactory: TotoFactory cn: REQ javaReferenceAddress: #0#VER#1
Load of this LDIF in OpenLDAP 2.3.27:
ldapadd -D"cn=Manager,dc=example,dc=com" -W -x -f /tmp/bug.ldif Enter LDAP Password: adding new entry "cn=REQUEST,dc=example,dc=com"
Works, but in OpenLDAP 2.4.8:
ldapadd -h myserver -p 1389 -D"cn=Manager,dc=example,dc=com" -W -x -f /tmp/bug.ldif Enter LDAP Password: adding new entry "cn=REQUEST,dc=example,dc=com" ldap_add: Object class violation (65) additional info: instanstantiation of abstract objectClass 'javaObject' not allowed
And the entry is not loaded.
The problem is that OpenLDAP 2.4 allows to add entries that contain ABSTRACT objectClasses, as soon as no non-ABSTRACT class is subtyped from them, which is clearly an error.
It all reduces to a missing negation in the ABSTRACT subclassing check, resulting in reversing the logic of the test.
Please test servers/slapd/schema_check.c 1.112 -> 1.113
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------