Invalid Add operations allowed (ITS#2243)
> Date: Wed, 18 Dec 2002 11:02:56 GMT
> From: rganesan@vsnl.net
> To: openldap-its@OpenLDAP.org
> Subject: Invalid Add operations allowed
>
> Full_Name: Ganesan R
> Version: 2.1.9
> OS: Debian GNU/Linux 3.0
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (128.107.253.38)
>
>
> Hi,
>
> All versions of openldap allow the creation of a dn with a cn attribute even if
> the objectclass doesn't include a cn. For example, I can add the following
> object without an error.
>
> ---
> dn: cn=mycountry,dc=mycompany,dc=com
> objectclass: country
> c: mycountry
> ---
>
> In case of a locality, which does not even have locality as a MUST attribute,
> the following ldif can be added successfully.
>
> ---
> dn: cn=mylocality,dc=mycompany,dc=com
> objectclass: locality
> ---
>
> This bug exists for any objectclass that doesn't have cn as a must attribute.
> You can also add a locality without specifying 'l' in the list of attributes,
> since l is not a MUST attribute. I don't know if LDAP allows creation of
> an object with no attribute being present for the RDN.
>
> ---
> dn: l=mylocality,dc=mycompany,dc=com
> objectclass: locality
> ---
The right solution for this is adding the rdn implicitly when it is omitted in
the ldif, as IPlanet does on add/modrdn, and OpenLDAP does on modrdn.
Btw, the last example is correct in this case... we can add such an entry, but
when we search for it, we must get
---
dn: l=mylocality,dc=mycompany,dc=com
objectclass: locality
l: mylocality    #actually this is added automatically by the server
                 #at object creation time.
---
in the next case it's just essential to add the rdn automatically _before_
schemacheck.
---
dn: cn=mycountry,dc=mycompany,dc=com
objectclass: country
c: mycountry
cn: mycountry    #and this will be rejected by schemacheck.
---
> Ganesan
SMTP /Perece/.
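
The ordering proposed in the reply above (add the RDN value to the entry first, then run the schema check), as an added Python illustration that is not OpenLDAP code and not part of either message. The function names are hypothetical, the two object class definitions are copied by hand from RFC 4519, and only simple single-valued RDNs are handled.

```python
# Added illustration; not OpenLDAP code. Simplified: single-valued RDNs,
# no DN escaping, no attribute aliases, no superclass chains.

# Hand-copied excerpt of standard object classes (RFC 4519), names lowercased.
SCHEMA = {
    "country":  {"must": {"c"}, "may": {"searchguide", "description"}},
    "locality": {"must": set(),
                 "may": {"street", "seealso", "searchguide", "st", "l", "description"}},
}

def parse_ldif_entry(text):
    """Parse one simple LDIF record into (dn, {attr: [values]})."""
    dn, attrs = None, {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def add_rdn_implicitly(dn, attrs):
    """Copy the RDN attribute value into the entry if it is missing."""
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    rdn_attr, rdn_value = rdn_attr.strip().lower(), rdn_value.strip()
    values = attrs.setdefault(rdn_attr, [])
    if rdn_value.lower() not in (v.lower() for v in values):
        values.append(rdn_value)
    return attrs

def schema_check(attrs):
    """Return a list of violations; an empty list means the entry is accepted."""
    must, allowed = set(), {"objectclass"}
    for oc in attrs.get("objectclass", []):
        if oc.lower() not in SCHEMA:
            return [f"unknown objectclass {oc}"]
        must |= SCHEMA[oc.lower()]["must"]
        allowed |= SCHEMA[oc.lower()]["must"] | SCHEMA[oc.lower()]["may"]
    errors = [f"missing MUST attribute {a}" for a in sorted(must - set(attrs))]
    errors += [f"attribute {a} not allowed" for a in sorted(set(attrs) - allowed)]
    return errors

def check_add(ldif_text):
    """Order proposed in the reply: add the RDN first, then schema-check."""
    dn, attrs = parse_ldif_entry(ldif_text)
    return schema_check(add_rdn_implicitly(dn, attrs))
```

Run against the entries from the report, `check_add` rejects both `cn=` entries because `cn` is not permitted by `country` or `locality`, and accepts the `l=mylocality` entry with `l` filled in.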