
Re: OpenLDAP's implementation of LDAP specs



At 06:27 PM 10/19/2004, Kevin wrote:
>In reading the Netscape Directory Server Deployment Guide (great
>reference BTW), I ran across this statement:
>============
>Note. While the LDAP specs call for an object class structure, the
>Netscape Directory Server does not currently enforce it. However, there
>is no guarantee that the Directory Server will not enforce these
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>structures in the future. Therefore, you should always conform to the
>                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>object class structure when designing and populating your directory.
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>============
>
>My question for the list is: do the same (underlined) statements apply
>for OpenLDAP?

The gist of the statement applies generally to all server
implementations.  Just because some version of the server
doesn't enforce a particular LDAP schema rule, does
not imply that a later version will not.  Regardless of
whether any server enforces a particular requirement of
LDAP, clients should adhere to LDAP schema rules.

Newer versions of slapd(8) are better at enforcing the rules.

>My experience tells me that doing what this example does
>is not required when populating an OpenLDAP directory (I would just have
>objectClass: inetOrgPerson), but should I be doing it anyway with
>OpenLDAP?

Clients are not required to list in objectClass superior
classes of listed classes.  This has nothing to do with
the structural object class requirements.  I suggest you
read draft-ietf-ldapbis-models-xx.txt (in doc/drafts) for
a discussion of the structural object class requirements.
The FAQ also has some answers in this area.
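
Added example, not part of the original message and not OpenLDAP code: a small Python check of the two points in the reply above, that superior classes are implied by the listed objectClass values, and that the separate structural requirement is that an entry's structural classes form a single superclass chain. The SCHEMA table is a hand-copied subset of standard definitions, and the function names are this example's own.

```python
# Added illustration, not OpenLDAP code. SCHEMA is a hand-copied subset of
# standard definitions: class name -> (kind, superior class or None).
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalPerson": ("STRUCTURAL", "person"),
    "inetOrgPerson": ("STRUCTURAL", "organizationalPerson"),
    "organization": ("STRUCTURAL", "top"),
    "simpleSecurityObject": ("AUXILIARY", "top"),
}
# Object class names are matched case-insensitively.
_BY_LOWER = {name.lower(): name for name in SCHEMA}


def superior_chain(name):
    """Return [name, its superior, ..., 'top'] using canonical schema names."""
    key = _BY_LOWER.get(name.lower())
    if key is None:
        raise ValueError(f"unknown object class: {name}")
    chain = []
    while key is not None:
        chain.append(key)
        key = SCHEMA[key][1]
    return chain


def effective_classes(listed):
    """Listed classes plus every superior class they imply."""
    return {c for name in listed for c in superior_chain(name)}


def structural_class(listed):
    """Return the entry's most subordinate structural class, or raise
    ValueError if the listed classes do not form one structural chain."""
    structural = {c for c in effective_classes(listed)
                  if SCHEMA[c][0] == "STRUCTURAL"}
    if not structural:
        raise ValueError("no structural object class")
    # The most subordinate class has the longest chain; every other
    # structural class present must appear somewhere in that chain.
    leaf = max(structural, key=lambda c: len(superior_chain(c)))
    if not structural <= set(superior_chain(leaf)):
        raise ValueError(f"more than one structural chain: {sorted(structural)}")
    return leaf
```

Listing only inetOrgPerson and listing the full chain up to top give the same result here, while combining inetOrgPerson with organization is rejected because the two belong to different structural chains.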