The issue right now is caused by the fact that comparing present
values with the asserted one causes objectSubClassMatch() to check for
match including superiors.
This looks like a bug to me. objectClass has EQUALITY matching rule
objectIdentifierMatch, which does not follow the object class
inheritance chain. See RFC 4517 section 4.2.26. RFC 4512 section 3.3
(the 'objectClass' attribute) does not special-case this.
What makes slapd work is that it also disobeys RFC 4512 section 3.3:
"When creating an entry or adding an 'objectClass' value to an entry,
all superclasses of the named classes SHALL be implicitly added as
well if not already present."
This doesn't say the classes shall be considered to be implicitly
present, like slapd does. Instead slapd should add the missing classes
to the actual object, just like it adds some other attribute/values
implicitly (createTimestamp, subschemaSubentry, etc).
I don't know what to do about it now though. Will replication work
between current servers and servers which obeys the RFCs? Is this a RE25
fix, so we should stay with fixed like previously suggested in RE24? Or
yet another thing to do with the last RE23, for the sake of replication?