[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: schema in root DSE?

Bert Vermeulen wrote:
> Is anyone working on publishing the server's schema from the root DSE?

Yes.  Expect to have it soon, very soon.  I am working on the new schema
and I am very close to start committing things.  As soon as this is done,
publishing the schema is real easy (read libraries/libldap/schema.c for
routines that produce exactly what is needed from the internal structs).
They are there just waiting to be used.

BTW, I have a problem with the presence or absence of the objectclass
attribute type in the root DSE.  What are the objectclasses of the root
DSE?  Someone has pointed to me that in X.500, the DSE have no objectclass
and have a DSE type instead.  However, the RFCs are very clear in this
respect: every entry MUST have objectclass.  Netscape provides a 'top'
value for it (sometimes supplemented by some auxiliary classes that are
irrelevant to this discussion).

If 'top' is the only value for the objectclass attribute type, then the
values that are allowed in the root DSE are not permitted by any class.
It might be argued that they are operational attributes, but then RFC2251
is explicit in that:

   Some attributes, termed operational attributes, are used by servers
   for administering the directory system itself.  They are not returned
   in search results unless explicitly requested by name.

But everyone seems to return them.  It can be argued that they are not
operational and thus are returned but that it is not a schema violation
since schema violation is a concept related to directory updates and
operations happening outside the protocol are not bound by this check.
I find this difficult to swallow.  This is dragging the problem under
the rug...

Any opinions?