[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP V3 - read schema from server (ITS#498)



At 04:52 PM 4/11/00 GMT, yohann.fourteau@webmotion.net wrote:
>paulcun@sco.com wrote:
>> 
>> If I try to read the schema from the LDAP V3 server using:
>> 
>>         ldapsearch -h scofix -b "cn=schema" -s base "objectclass=*"
>> 
>> it only returns the following:
>> 
>>         CN=SCHEMA
>>         cn=SCHEMA
>>         objectclass=top
>>         objectclass=LDAPsubentry
>>         objectclass=subschema
>>         objectclass=extensibleObject
>> 
>> shouldn't it return the full schema definition (netscapeDS & IBMSecureWay
>> do).
>
>Why do you set -b to "cn=schema" ? Why not -b "" ?

The base should be the DN of the desired subschema subentry as
determined by reading the subschemasubentry attribute of the
entry to be access (or, if adding an entry, the entry at the
root of the namingContext).  As hinted to in RFC 2251 (and
clarified in IETF LDAPext WG discussion), clients cannot
rely on the value(s) subschemasubentry attribute of the RootDSE
to apply a particular naming context.  [In fact, the subschemasubentry
of the RootDSE *should* be the subschema controlling the RootDSE itself
which may be quite different than that controlling a particular naming
context].

I hope to get this and related issues clarified in RFC2251bis
documents (when they are drafted).

	Kurt