structuralObjectClass multi-valued in W2K8

[Andrew Bartlett]

On Sat, 2009-04-18 at 17:36 +0200, Michael Ströder wrote:
> HI!
> 
> Looking at a user entry in MS AD on W2K8 there's a bug with attribute
> 'structuralObjectClass'. It lists all (structural) object classes
> whereas other LDAPv3 compliant servers only list *the* structural object
> class of an entry. Normally 'structuralObjectClass' is SINGLE-VALUE.
> 
> Example MS AD W2K8:
> 
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> structuralObjectClass: top
> structuralObjectClass: person
> structuralObjectClass: organizationalPerson
> structuralObjectClass: user
> 
> Example OpenLDAP:
> 
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: msPerson
> objectClass: posixAccount
> objectClass: simpleSecurityObject
> structuralObjectClass: inetOrgPerson
> 
> Why to care about this? A really schema-aware client (e.g. my web2ldap)
> might look at the attribute structuralObjectClass while determining the
> governing structural rule of an entry (in case DIT structure rules are
> in effect).
> 
> Now the question is whether Samba4 wants to mimique this bug or whether
> it would be worth trying to convince the MS developers to fix it.
> 
> There are other schema bugs like 'objectClass' being declared as
> NO-USER-MODIFICATION while MS AD happily accepts modifications...

Samba4 will implement the same 'bugs' as AD in all these cases.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090420/c5d95925/attachment.bin