Full_Name: Hallvard B Furuseth Version: HEAD OS: Linux URL: Submission from: (NULL) (129.240.6.233) Submitted by: hallvard
If objectclass B is a subclass of A, and an entry contains objectclass B but not A, slapd returns attributeOrValueExists to a request to add A. OTOH it allows replace(objectClass: <A, B>), and after that it allows delete(objectClass: A). This is inconsistent.
If the objectClass attribute contains B, does it "really" contain A as well? I couldn't find such a statement in the RFCs, so my guess is that add(objectClass: A) should be allowed. Though I haven't looked all that hard.
Example:
ldapadd -cx <<'EOF' # Create initial object dn: c=NO objectClass: friendlyCountry c: NO co: Norway
# error dn: c=NO changetype: modify add: objectClass objectClass: top -
# error dn: c=NO changetype: modify add: objectClass objectClass: country -
# success dn: c=NO changetype: modify replace: objectClass objectClass: top objectClass: country objectClass: friendlyCountry -
# success dn: c=NO changetype: modify delete: objectClass objectClass: top -
# success dn: c=NO changetype: modify delete: objectClass objectClass: country - EOF
-
h.b.furuseth@usit.uio.no