Re: attribute type is operational?

[Dieter Kluenter <dieter@dkluenter.de>]

Hi,

Piotr Wadas <pwadas@jewish.org.pl> writes:

>> > significant in this case)
> So - system is Debian sid i386, openldap is 2.1.26 (package version
> 2.1.26-1). This package is compiled with --enable-aci since 2.1.12-1
> as mentioned in
> http://lists.debian.org/debian-devel-changes/2003/debian-devel-changes-200303/msg02006.html
>
>> Depending on your OpenLDAP version, this attribute exists already. See
>> schema_init.c
>
> I looked there, and found that there are some built-in schemas I didn't
> expect. Well, OK, there are built-in schemas I can't change without
> recompiling, not listed in schemas tab in my ldap browser (gq). 
> Whatever:-). So I add this objectclass definition into my local.schema
>
> objectclass ( 1.3.6.1.4.1.10755.1.2.1.6
>         NAME 'OpenLDAPacl'
>         DESC 'OpenLDAP access control information'
>         SUP top STRUCTURAL
>         MUST    ( objectclass )
>         MAY     ( OpenLDAPaci ) )

I don't know and don't understand what you are trying to do, but you
don't need this objectclass. The attribute OpenLDAPaci is an 
operational attribute already compiled in.

> So? Does it mean that I misunderstood debian-devel and this option
> wasn't set with next release? I guess disabling this option should
> be also mentioned in next accepted openldap2 announces, but didn't
> find such.

I don't know anything about Debian and what Debian is
communicating. But I know that you don't have to write a schema file
for Access Control Information. If you want to set aci's just add the
attribute OpenLDAPaci with appropriate values to each object you
create. For further information

http://www.openldap.org/faq/data/cache/634.html

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de