Original Reporter: bollin
Environment: server is OpenLDAP
Version: 2.0.1
Migrated From: https://jira.spring.io//browse/LDAP-303
I have a class with annotation
@Entry(objectClasses = {"top"})
but several ldap nodes have only the objectClass=inetOrgPerson which is correct because inetOrgPerson inherits from top. Spring-ldap submits a query
(&(objectClass=top)(uid=...))
to the server and the server responds with all nodes because it knows about the inheritance. For nodes with objectClass=inetOrgPerson only the server sends only this objectClass back to the client without the inherited objectClass top.
But there is a check in org.springframework.ldap.odm.core.impl.DefaultObjectDirectoryMapper#mapFromLdapDataEntry
if(!collectionContainsAll(objectClassesFromJndi, metaData.getObjectClasses()))
that throws away all results that do not have an explicit objectClass=top in the server's response.
IMHO, spring-ldap should trust the ldap server and do not throw away such results. But at least there should be an option for disabling/enabling this extra check.
Original Reporter: bollin Environment: server is OpenLDAP Version: 2.0.1 Migrated From: https://jira.spring.io//browse/LDAP-303 I have a class with annotation @Entry(objectClasses = {"top"}) but several ldap nodes have only the objectClass=inetOrgPerson which is correct because inetOrgPerson inherits from top. Spring-ldap submits a query (&(objectClass=top)(uid=...)) to the server and the server responds with all nodes because it knows about the inheritance. For nodes with objectClass=inetOrgPerson only the server sends only this objectClass back to the client without the inherited objectClass top.
But there is a check in org.springframework.ldap.odm.core.impl.DefaultObjectDirectoryMapper#mapFromLdapDataEntry if(!collectionContainsAll(objectClassesFromJndi, metaData.getObjectClasses())) that throws away all results that do not have an explicit objectClass=top in the server's response.
IMHO, spring-ldap should trust the ldap server and do not throw away such results. But at least there should be an option for disabling/enabling this extra check.