  1. OpenDJ
  2. OPENDJ-1797

Possible to add entries with invalid objectclass if structural objectclass checking is off

    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.4, 2.6.2
    • Fix Version/s: 3.0.0, 2.8.0
    • Component/s: None

      Description

      Tested on OpenDJ 2.6.2 and b2.6 as-of today (10th Feb)

      This may or may not be intended behaviour. It seems that when ds-cfg-single-structural-objectclass-behavior is set to accept/warn and a structural objectclass is not present, OpenDJ does not check for valid objectclasses either. If a structural objectclass is present, it does check validity of objectclasses.

      ds-cfg-check-schema: true
      ds-cfg-invalid-attribute-syntax-behavior: reject
      ds-cfg-single-structural-objectclass-behavior: accept

      See the below sample LDIF, with annotations and results.

      First one is to demonstrate that testing123123 is not a valid OC and the server will happily give us a 65 error about it:

      #!RESULT ERROR
      #!CONNECTION ldap://192.168.56.4:11389
      #!DATE 2015-02-10T14:51:28.334
      #!ERROR [LDAP: error code 65 - Entry cn=test1,dc=example,dc=com violates the Directory Server schema configuration because it contains an unknown objectclass testing123123]
      dn: cn=test1,dc=example,dc=com
      changetype: add
      objectclass: testing123123
      objectclass: groupOfNames
      objectclass: top
      description: One bad object class, rest ok, structural included
      cn: test1
      

      Second one demonstrates that if we drop the structural class it allows the invalid testing123123 class:

      #!RESULT OK
      #!CONNECTION ldap://192.168.56.4:11389
      #!DATE 2015-02-10T14:51:28.345
      dn: cn=test2,dc=example,dc=com
      changetype: add
      objectclass: testing123123
      objectclass: top
      description: One bad object class, rest ok but no structural
      cn: test2
      

      This is what got created:

      $ ./ldapsearch -b "dc=example,dc=com" "(cn=test2)" "*"
      dn: cn=test2,dc=example,dc=com
      objectClass: testing123123
      objectClass: top
      description: One bad object class, rest ok but no structural
      cn: test2
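
An offline audit for entries like cn=test2 that were accepted while structural objectclass checking was relaxed, as an added example that is not part of the original report or of OpenDJ's code. The `KNOWN_CLASSES` map, the sample export and the function names are constructed assumptions; a real audit would load the objectclass definitions from the server's schema.

```python
import re

# Constructed stand-in for the server schema (assumption); in practice load
# the objectClasses values from the server's subschema entry instead.
KNOWN_CLASSES = {"top": "abstract", "groupofnames": "structural",
                 "person": "structural"}

# Constructed sample export modelled on the report's two entries.
SAMPLE_LDIF = """\
dn: cn=test1,dc=example,dc=com
objectClass: groupOfNames
objectClass: top
cn: test1
member: cn=admin,dc=example,dc=com

dn: cn=test2,dc=example,dc=com
objectClass: testing123123
objectClass: top
cn: test2
"""

def parse_entries(ldif):
    """Yield (dn, objectClass values); folded/base64 lines are not handled."""
    for record in re.split(r"\n\s*\n", ldif.strip()):
        dn, classes = None, []
        for line in record.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if attr.strip().lower() == "dn":
                dn = value.strip()
            elif attr.strip().lower() == "objectclass":
                classes.append(value.strip())
        if dn:
            yield dn, classes

def audit(ldif, schema=KNOWN_CLASSES):
    """Return {dn: [problems]} for entries schema checking should reject."""
    findings = {}
    for dn, classes in parse_entries(ldif):
        problems = [f"unknown objectclass {c}" for c in classes
                    if c.lower() not in schema]
        if not any(schema.get(c.lower()) == "structural" for c in classes):
            problems.append("no structural objectclass")
        if problems:
            findings[dn] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Run against an LDIF export of the affected backend, the findings list the entries to review after upgrading to a fixed version.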
      

              People

              • Assignee:
                ian.packer Ian Packer [X] (Inactive)
                Reporter:
                ian.packer Ian Packer [X] (Inactive)
                Dev Assignee:
                Ian Packer [X] (Inactive)