[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=Subschema

To: "Pierangelo Masarati" <ando@sys-net.it>
Subject: Re: cn=Subschema
From: "matthew sporleder" <msporleder@gmail.com>
Date: Tue, 29 Aug 2006 11:01:17 -0400
Cc: openldap <openldap-software@OpenLDAP.org>
Content-disposition: inline
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rTGrfhn6AUWyc8W+e5B64bpvyIBHNxrlH0nIeyJ1ibE33QB1llmMT/NL2PBA0i0vcoR82hz400DsLkbQn8TNAz5oyqEdp39DL1LCaJw2M3acyPG4ACBBRBG50DaKPxnFkYBJuQqt9SdglxkVAtiHd315HCqNAhZ6VPcqzCmZbw4=
In-reply-to: <44F43964.1060104@sys-net.it>
References: <b0459d5c0608282353n1df2de0buf60f9c7f9a3792a1@mail.gmail.com> <44F43964.1060104@sys-net.it>

On 8/29/06, Pierangelo Masarati <ando@sys-net.it> wrote:


> ldapsearch -x -b cn=Subschema -D cn=rootdn -w secretpassword -h
> localhost -p 389 -L objectclass=* objectclass attributetype
>
> Doesn't give any results.  Am I missing something easy?

You need to add "-s base" as per RFC4512 Section 4.4.


Thanks, I got it working by adding the acl, -s base, and + to my query.

In summary:
To expose your schema to ldap queries, add the following acl:
access to dn.base=""
  by * read

access to dn.base="cn=subschema"
  by * read
--

Then use a search like:
ldapsearch -x -s base -b cn=subschema -D cn=rootdn -w secretpassword
-h localhost -p 389 -LLL objectclass=* attributetype objectclass +

References:
- cn=Subschema
  - From: "matthew sporleder" <msporleder@gmail.com>
- Re: cn=Subschema
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: cn=config with SASL
Next by Date: pcache and whole entries
Index(es):
- Chronological
- Thread