
Re: Schema search in version 2.04 problems.



At 06:02 PM 9/23/00 -0500, Kevin Riggins wrote:
>Peoples,
> 
>We would like to use LDAP for single signon authentication to our Tru64 machines.  I am trying to use OpenLDAP as my server, but am running into a problem.  Tru64 requires version 3.  Before it will enable the client stuff it has to be able to verify the existence of a posixAccount object in the schema of the ldap server.  It does this by executing a search with the base set to "cn=schema".  I understand that this is not supported in version 2, but is in version 3.  Unfortunately, I have been unable to get it working with version 2.04 of OpenLDAP which I thought supported version 3.  Any help or tips much appreciated.

OpenLDAP 2.0 does support LDAPv3 schema discovery.   The client is making
inappropriate assumptions.

For any entry, the client should request the subschemaSubentry attribute.  This
contains the DN of the controlling subschema subentry.  The client then may
issue a search operation upon this subentry with scope base and filter
(objectClass=subschema) and request the desired schema attribute types. 

It is inappropriate to presume that the subschemaSubentry value within the
root DSE applies to other DSEs.  It is inappropriate to make presumptions
of the DNs of subschema subentries.

Kurt
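
The two-step discovery described in the reply above, as an added example that is not part of the original message or of OpenLDAP's code. The `make_search` stub, the sample directory and the DNs in it are constructed for illustration; a real client would replace the stub with a base-scope search through its LDAP library.

```python
import re

# Constructed sample data (not from the thread): DN -> attributes.
SAMPLE_DIT = {
    "uid=jdoe,ou=people,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "subschemaSubentry": ["cn=Subschema"],
    },
    "cn=Subschema": {
        "objectClass": ["top", "subentry", "subschema"],
        "objectClasses": [
            "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
            "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY "
            "MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) )",
        ],
    },
}

def make_search(dit):
    """Hypothetical stand-in for a base-scope LDAP search against `dit`."""
    def search(base, flt, attrs):
        entry = dit.get(base)
        attr, value = re.fullmatch(r"\((\w+)=(.+)\)", flt).groups()
        have = [v.lower() for v in (entry or {}).get(attr, [])]
        if not have or (value != "*" and value.lower() not in have):
            return None  # no such entry, or the filter did not match
        # Return only the attributes that were explicitly requested.
        return {a: entry[a] for a in attrs if a in entry}
    return search

def object_class_names(description):
    """Extract the NAME(s) from an RFC 4512 ObjectClassDescription."""
    m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", description)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))

def schema_has_class(search, entry_dn, wanted):
    # Step 1: ask the entry which subschema subentry controls it.
    entry = search(entry_dn, "(objectClass=*)", ["subschemaSubentry"])
    if not entry or not entry.get("subschemaSubentry"):
        raise LookupError("no subschemaSubentry on " + entry_dn)
    # Step 2: base search on that DN with filter (objectClass=subschema).
    sub = search(entry["subschemaSubentry"][0], "(objectClass=subschema)",
                 ["objectClasses"])
    if sub is None:
        raise LookupError("subschema subentry not readable")
    names = {n.lower() for d in sub.get("objectClasses", [])
             for n in object_class_names(d)}
    return wanted.lower() in names
```

Against the sample directory, a search hard-coded to base "cn=schema" finds nothing, while following subschemaSubentry from the entry locates the posixAccount definition.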