> Also as a general rule the X.500 data model requires that a
server store and return exactly what the user provided.
please tell me where in X.500 you find this. I couldn't find it.
Instead I found (X.501 (2008), chapter 13.3.2 ("
The object class attribute")
:
"Every entry shall contain an attribute of type objectClass to
identify the object classes and superclasses to which the entry
belongs. The definition of this attribute is given in 13.4.8. This
attribute is multi-valued.
There shall be one value of the objectClass attribute for the
entry's structural object class and a value for each of its
superclasses. top may be omitted."
This means - in my understanding - that the server has to set these
values for the attribute object class - one per superclass.
Regards, Jochen.
Am 22.03.2013 21:02, schrieb Howard
Chu:
Michael
Ströder wrote:
Manuel Gaupp wrote:
I don't think so, because RFC 4512,
section 3.3 says:
"When creating an entry or adding an 'objectClass' value to
an entry,
all superclasses of the named classes SHALL be implicitly
added as
well if not already present. [...]"
If I'm interpreting this correctly, the OpenLDAP behaviour is
a bug.
Well, "implicitly added" is a bit vague to call it a bug since
the entries are
returned when searching for the superior object class.
In the sense that "implicit" is the opposite of "explicit" the
OpenLDAP behavior is exactly correct. Also as a general rule the
X.500 data model requires that a server store and return exactly
what the user provided.