[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3798) MAY is MUST ?

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3798) MAY is MUST ?
From: ando@sys-net.it
Date: Sat, 25 Jun 2005 13:29:58 GMT

>  hello,
>
>  when i try to add an entry to the ldap, i got : entry failed schema
>  check: object class 'qmailUser' requires attribute 'sn'
>
>  but the qmailUser is : objectclass ( 1.3.6.1.4.1.8868.3.1 NAME
>  'qmailUser' DESC 'qmail local mail recipient' SUP ( top $ person $
>  organizationalPerson ) MAY ( qmailGID $ qmailUID $ qmaildomain $
>  mailQuota $ mailMessageStore $ clearPassword $ uid $ name $ sn $ cn $
>  mail $ gn) )
>
>  the MAY indicates it's optional (i think so).
>
>  any clue ?


Yes: "sn" is MUST in "person", which "qmailUser" is derived from.  
According to <draft-ietf-ldapbis-models>, derived objectClasses may turn 
MAY attributes into "MUST" attributes, but "MUST" attributes of ancestor 
classes cannot be turned into "MAY" by a descendant class.  So, as far 
as I understand the specifications, the above objectClass definition for 
"qmailUser" is malformed, i.e. "cn" and "sn" cannot be "MAY" since 
they're already "MUST" in "person".

By no means this indicates a software issue with OpenLDAP, so this ITS 
will be closed.

p.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: (ITS#3796) slapd core on slapcat -b cn=conf
Next by Date: Re: (ITS#3798) MAY is MUST ?
Index(es):
- Chronological
- Thread