
Re: Remote access to the directory schema



Rick van Rein (OpenFortress) wrote:
Hello,

Do I understand correctly, is the schema of a directory always accessible to its remote users?

Because when I request

| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry

I get entries like

| dn: dc=example,dc=com
| subschemaSubentry: cn=Subschema
|
| dn: cn=someone,dc=example,dc=com
| subschemaSubentry: cn=Subschema

but when I then try things like

| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema

I get no results. How should this work?

Read the ldapsearch(1) manpage and fix your search request.

Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the
schema always visible?

Everything *may* be hidden by ACLs, but whether that's true in your case depends on your server config.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
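
An added example, not part of either poster's message: a check an administrator can run to see whether the ACLs in effect let an anonymous bind read the schema. It assumes OpenLDAP's `ldapsearch` client and the thread's placeholder host; the function names, the `LDAPSEARCH` override and the sample reply are constructed for illustration.

```shell
# Added example. Assumptions: OpenLDAP's ldapsearch client; ldap.example.com is
# the placeholder host from the thread. LDAPSEARCH can be overridden for testing.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}

# Constructed sample of a root DSE reply (not captured from a real server).
SAMPLE_ROOTDSE='dn:
subschemaSubentry: cn=Subschema'

# Print the first subschemaSubentry value found in LDIF on stdin.
# Joins LDIF folded lines; exits 1 if the attribute is absent.
subschema_dn() {
    awk '
        /^ / { if (hit) val = val substr($0, 2); next }
        hit  { exit }
        tolower($0) ~ /^subschemasubentry: / { val = substr($0, 20); hit = 1 }
        END  { if (val == "") exit 1; print val }
    '
}

# Return 0 if an anonymous bind to URI $1 can read schema definitions,
# non-zero if the subschema entry cannot be located or returns nothing.
schema_exposed() {
    # Step 1: ask the root DSE which entry holds the schema.
    dn=$($LDAPSEARCH -x -LLL -H "$1" -s base -b "" '(objectClass=*)' \
            subschemaSubentry | subschema_dn) || return 1
    # Step 2: the schema is its own entry, not a child of the naming context,
    # and its attributes are operational, so search that DN with base scope
    # and request the attributes by name.
    $LDAPSEARCH -x -LLL -H "$1" -s base -b "$dn" '(objectClass=subschema)' \
            objectClasses attributeTypes |
        grep -Eiq '^(objectClasses|attributeTypes):'
}

# Usage: schema_exposed ldap://ldap.example.com && echo "schema readable anonymously"
```

Run it once without credentials and once with `-D`/`-W` added to both searches to compare what each identity is allowed to see.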