Am 22.03.2013 um 14:06 schrieb "Keutel, Jochen (mlists)" <[email protected]>:
> Hello, > if I add an entry like this: > > dn: cn=jk,dc=test > objectClass: inetOrgPerson > cn: jk > sn: jk > > This works fine. Esp. the superclasses seem to be added "on the fly": > Searching this entry with filter "objectClass=person" works fine. > > However - when I read this entry I'd expect that all objectClasses are given > back. So I expected: > > dn: cn=jk,dc=test > objectClass: inetOrgPerson > objectClass: organizationalPerson > objectClass: person > objectClass: top > cn: jk > sn: jk > > But I only got: > > dn: cn=jk,dc=test > objectClass: inetOrgPerson > cn: jk > sn: jk > > I don't think that this is correct: Reading an entry should return ALL values > of attribute objectClass - not only the value given when adding this entry. > > Note: When I provide inetOrgPerson AND organizationalPerson while adding the > entry also only these two values are given back when reading. > > What do other think: Is the OpenLDAP behaviour correct? I don't think so, because RFC 4512, section 3.3 says: "When creating an entry or adding an 'objectClass' value to an entry, all superclasses of the named classes SHALL be implicitly added as well if not already present. [...]" If I'm interpreting this correctly, the OpenLDAP behaviour is a bug. Best regards, Manuel
