You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Martin Marcher <ma...@gmail.com> on 2007/05/10 11:44:46 UTC

multiple structural objectClasses valid?

hello,

I'm putting our autofs in ldap now and wanted to be extra smart and added

dn: ou=auto.master,dc=example,dc=com
objectClass: automountMap
objectClass: organizationalUnit
objectClass: top
ou: auto.master

now ldapstudio shows me that both automountMat and organizationalUnit
are structural. I read somewhere
(http://www.oav.net/mirrors/ldapv3.pdf page 22f not exactly a
reference but that was the first place i found it again) that this is
a violation for LDAP as there is only one structural objectClass
allowed and others should be auxiliary.

Do I have wrong infos here or did I find something?

cheers martin



-- 
Martin Marcher
martin.marcher@gmail.com
http://www.mycorners.com
https://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher
http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added

Re: multiple structural objectClasses valid?

Posted by Ersin Er <er...@gmail.com>.

On 5/10/07, Emmanuel Lecharny <el...@apache.org> wrote:
> Hi Ersin,
>
> Ersin Er a écrit :
>
> > Hi,
> >
> > LDAP allows a single branch of structural objectClasses hierarchy to
> > be added to an entry.
>
> Damn ! RFC 2252 states nothing about it :
>
> 4.4. Object Classes
>
>    The format for representation of object classes is defined in X.501
>    [3]. In general every entry will contain an abstract class ("top" or
>    "alias"), ***at least one structural object class***, and zero or more
>    auxiliary object classes...
>
>
>
> RFC 4512 is pretty clear :
>
> *2.4.2.  Structural Object Classes*
>
>    As stated in [X.501]:
>
>       An object class defined for use in the structural specification of
>       the DIT is termed a structural object class.  Structural object
>       classes are used in the definition of the structure of the names
>       of the objects for compliant entries.
>
>       An object or alias entry is characterized by precisely one
>       structural object class superclass chain which has a single
>       structural object class as the most subordinate object class.
>       This structural object class is referred to as the structural
>       object class of the entry.
>
>
> Which means that you can have more than one structural ObjectClass into
> an entry *IF* they are in an inheritence chain.
>
> For instance, you can have an entry with :
>
> InetOrgPerson (structural)
> OrganizationalPerson (structural)
> Person (structural)
> Top (Abstract).
>
> But in the sample given, we have a problem, because we have two
> inheritence chains :
> automountMap(structural) --> top (Abstract)
> and
> organizationalUnit (Structural) --> top( Abstract)
>
> and this is a bug.
>
> I repoen the issue I just closed...
>
> Thanks Ersin !

NP :-)

BTW I had already reopened the issue with same concerns.

> > So top, person, inetOrgPerson are possible
> > objectClass values for an entry, but you cannot add an
> > organizationalUnit in that group.
> >
> > If ApacheDS allows you to do something different, than just file a
> > Jira issue.
> >
> > On 5/10/07, Martin Marcher <ma...@gmail.com> wrote:
> >
> >> hello,
> >>
> >> I'm putting our autofs in ldap now and wanted to be extra smart and
> >> added
> >>
> >> dn: ou=auto.master,dc=example,dc=com
> >> objectClass: automountMap
> >> objectClass: organizationalUnit
> >> objectClass: top
> >> ou: auto.master
> >>
> >> now ldapstudio shows me that both automountMat and organizationalUnit
> >> are structural. I read somewhere
> >> (http://www.oav.net/mirrors/ldapv3.pdf page 22f not exactly a
> >> reference but that was the first place i found it again) that this is
> >> a violation for LDAP as there is only one structural objectClass
> >> allowed and others should be auxiliary.
> >>
> >> Do I have wrong infos here or did I find something?
> >>
> >> cheers martin
> >>
> >>
> >>
> >> --
> >> Martin Marcher
> >> martin.marcher@gmail.com
> >> http://www.mycorners.com
> >> https://www.xing.com/profile/Martin_Marcher
> >> http://www.linkedin.com/in/martinmarcher
> >> http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
> >> http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added
> >>
> >>
> >
> >
>
>


-- 
Ersin

Re: multiple structural objectClasses valid?

Posted by Emmanuel Lecharny <el...@apache.org>.

Hi Ersin,

Ersin Er a écrit :

> Hi,
>
> LDAP allows a single branch of structural objectClasses hierarchy to
> be added to an entry. 

Damn ! RFC 2252 states nothing about it :

4.4. Object Classes

   The format for representation of object classes is defined in X.501
   [3]. In general every entry will contain an abstract class ("top" or
   "alias"), ***at least one structural object class***, and zero or more
   auxiliary object classes...



RFC 4512 is pretty clear :

*2.4.2.  Structural Object Classes*

   As stated in [X.501]:

      An object class defined for use in the structural specification of
      the DIT is termed a structural object class.  Structural object
      classes are used in the definition of the structure of the names
      of the objects for compliant entries.

      An object or alias entry is characterized by precisely one
      structural object class superclass chain which has a single
      structural object class as the most subordinate object class.
      This structural object class is referred to as the structural
      object class of the entry.


Which means that you can have more than one structural ObjectClass into 
an entry *IF* they are in an inheritence chain.

For instance, you can have an entry with :

InetOrgPerson (structural)
OrganizationalPerson (structural)
Person (structural)
Top (Abstract).

But in the sample given, we have a problem, because we have two 
inheritence chains :
automountMap(structural) --> top (Abstract)
and
organizationalUnit (Structural) --> top( Abstract)

and this is a bug.

I repoen the issue I just closed...

Thanks Ersin !

> So top, person, inetOrgPerson are possible
> objectClass values for an entry, but you cannot add an
> organizationalUnit in that group.
>
> If ApacheDS allows you to do something different, than just file a 
> Jira issue.
>
> On 5/10/07, Martin Marcher <ma...@gmail.com> wrote:
>
>> hello,
>>
>> I'm putting our autofs in ldap now and wanted to be extra smart and 
>> added
>>
>> dn: ou=auto.master,dc=example,dc=com
>> objectClass: automountMap
>> objectClass: organizationalUnit
>> objectClass: top
>> ou: auto.master
>>
>> now ldapstudio shows me that both automountMat and organizationalUnit
>> are structural. I read somewhere
>> (http://www.oav.net/mirrors/ldapv3.pdf page 22f not exactly a
>> reference but that was the first place i found it again) that this is
>> a violation for LDAP as there is only one structural objectClass
>> allowed and others should be auxiliary.
>>
>> Do I have wrong infos here or did I find something?
>>
>> cheers martin
>>
>>
>>
>> -- 
>> Martin Marcher
>> martin.marcher@gmail.com
>> http://www.mycorners.com
>> https://www.xing.com/profile/Martin_Marcher
>> http://www.linkedin.com/in/martinmarcher
>> http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
>> http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added 
>>
>>
>
>

Re: multiple structural objectClasses valid?

Posted by Ersin Er <er...@gmail.com>.

Hi,

LDAP allows a single branch of structural objectClasses hierarchy to
be added to an entry. So top, person, inetOrgPerson are possible
objectClass values for an entry, but you cannot add an
organizationalUnit in that group.

If ApacheDS allows you to do something different, than just file a Jira issue.

On 5/10/07, Martin Marcher <ma...@gmail.com> wrote:
> hello,
>
> I'm putting our autofs in ldap now and wanted to be extra smart and added
>
> dn: ou=auto.master,dc=example,dc=com
> objectClass: automountMap
> objectClass: organizationalUnit
> objectClass: top
> ou: auto.master
>
> now ldapstudio shows me that both automountMat and organizationalUnit
> are structural. I read somewhere
> (http://www.oav.net/mirrors/ldapv3.pdf page 22f not exactly a
> reference but that was the first place i found it again) that this is
> a violation for LDAP as there is only one structural objectClass
> allowed and others should be auxiliary.
>
> Do I have wrong infos here or did I find something?
>
> cheers martin
>
>
>
> --
> Martin Marcher
> martin.marcher@gmail.com
> http://www.mycorners.com
> https://www.xing.com/profile/Martin_Marcher
> http://www.linkedin.com/in/martinmarcher
> http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
> http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added
>


-- 
Ersin