Am 22.03.2013 um 14:06 schrieb "Keutel, Jochen (mlists)" mlists@keutel.de:
Hello, if I add an entry like this:
dn: cn=jk,dc=test objectClass: inetOrgPerson cn: jk sn: jk
This works fine. Esp. the superclasses seem to be added "on the fly": Searching this entry with filter "objectClass=person" works fine.
However - when I read this entry I'd expect that all objectClasses are given back. So I expected:
dn: cn=jk,dc=test objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top cn: jk sn: jk
But I only got:
dn: cn=jk,dc=test objectClass: inetOrgPerson cn: jk sn: jk
I don't think that this is correct: Reading an entry should return ALL values of attribute objectClass - not only the value given when adding this entry.
Note: When I provide inetOrgPerson AND organizationalPerson while adding the entry also only these two values are given back when reading.
What do other think: Is the OpenLDAP behaviour correct?
I don't think so, because RFC 4512, section 3.3 says:
"When creating an entry or adding an 'objectClass' value to an entry, all superclasses of the named classes SHALL be implicitly added as well if not already present. [...]"
If I'm interpreting this correctly, the OpenLDAP behaviour is a bug.
Best regards, Manuel