#include "slap.h"
#include "ldap_pvt.h"
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
-static int oc_check_allowed(
- AttributeType *type,
- struct berval **oclist );
-#else
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
static int oc_check_allowed(char *type, struct berval **oclist);
#endif
static char * oc_check_required(Entry *e, struct berval *ocname);
int
entry_schema_check(
- Entry *e, Attribute *oldattrs, char** text )
+ Entry *e, Attribute *oldattrs, const char** text )
{
Attribute *a, *aoc;
ObjectClass *oc;
int i;
int ret;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- static AttributeDescription *objectClass = NULL;
+ AttributeDescription *ad_objectClass = slap_schema.si_ad_objectClass;
#else
- static const char *objectClass = "objectclass";
+ static const char *ad_objectClass = "objectclass";
#endif
+ int extensible = 0;
if( !global_schemacheck ) return LDAP_SUCCESS;
/* find the object class attribute - could error out here */
- if ( (aoc = attr_find( e->e_attrs, objectClass )) == NULL ) {
+ if ( (aoc = attr_find( e->e_attrs, ad_objectClass )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "No object class for entry (%s)\n",
e->e_dn, 0, 0 );
-
*text = "no objectclass attribute";
return oldattrs != NULL
? LDAP_OBJECT_CLASS_VIOLATION
for ( i = 0; aoc->a_vals[i] != NULL; i++ ) {
if ( (oc = oc_find( aoc->a_vals[i]->bv_val )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
- "Objectclass \"%s\" not defined\n",
- aoc->a_vals[i]->bv_val, 0, 0 );
+ "entry_check_schema(%s): objectclass \"%s\" not defined\n",
+ e->e_dn, aoc->a_vals[i]->bv_val, 0 );
} else {
char *s = oc_check_required( e, aoc->a_vals[i] );
ret = LDAP_OBJECT_CLASS_VIOLATION;
break;
}
+
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ if( oc == slap_schema.si_oc_extensibleObject )
+#else
+ if( !strcmp( aoc->a_vals[i], "extensibleObject" ) == 0 )
+#endif
+ {
+ extensible=1;
+ }
+
}
}
return ret;
}
+ if( extensible ) {
+ return LDAP_SUCCESS;
+ }
+
/* check that each attr in the entry is allowed by some oc */
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
Debug( LDAP_DEBUG_TRACE,
"oc_check_required entry (%s), objectclass \"%s\"\n",
- e->e_dn, ocname, 0 );
+ e->e_dn, ocname->bv_val, 0 );
/* find global oc defn. it we don't know about it assume it's ok */
if ( (oc = oc_find( ocname->bv_val )) == NULL ) {
return( NULL );
}
-static int
-oc_check_allowed(
+#ifndef SLAPD_SCHEMA_NOT_COMPAT
+static
+#endif
+int oc_check_allowed(
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeType *at,
#else
#endif
#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ /*
+ * All operational attributions are allowed by schema rules.
+ */
if( is_at_operational(at) ) {
return LDAP_SUCCESS;
}