
Re: base search with objectClass=* does not work properly...



Kurt,
 Thanks for the reply.
 Here is the confusion from RFC 2251.

"Clients MUST only retrieve attributes from a subschema entry by
  requesting a base object search of the entry, where the search filter
  is "(objectClass=subschema)". (This will allow LDAPv3 servers which
  gateway to X.500(93) to detect that subentry information is being
  requested.)"

I have just quoted the above para from RFC 2251. So if I have to query the LDAP server to get the object classes that it supports, the above para tells me to query the base object search of the entry. Which entry will this be? If the entire tree is under one schema management domain then will it be sufficient to query the root of the tree to get the object classes supported under that schema domain? If that is true then the "(objectClass=*)" filter with a NULL base should return all the object classes that are supported by that schema domain. It is a non-operational attribute.

> RFC 2251 does not say the root DSE contains subschema attributes.
> RFC 2251 says that the root DSE, as well as all objects, should
> have a subschemaSubentry attribute whose value refers to the
> controlling subschema entry (or subentry).

So what you say is that when I query the root DSE the subschemaSubentry attribute's value should be returned. This is a DN to the subschema which has the list of schema objects supported within a tree (i.e. schema management domain). I don't even get that when I do the above mentioned query. Have I done something wrong here?


I searched the archives as you mentioned in your reply and I did not see any responses which specified anything different.

Appreciate your help.
SG


From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
To: "Sukanta Ganguly" <groundl@hotmail.com>
CC: jajati@datalinx.net, openldap-software@OpenLDAP.org
Subject: Re: base search with objectClass=* does not work properly...
Date: Tue, 16 Jan 2001 13:54:55 -0800

At 09:19 PM 1/16/01 +0000, Sukanta Ganguly wrote:
>Hi,
> In RFC 2251 it is mentioned very clearly that a search command like a base search with NULL RD (implies root dse) will return all the object classes supported by the LDAP server.


RFC 2251 does not say the root DSE contains subschema attributes.
RFC 2251 says that the root DSE, as well as all objects, should
have a subschemaSubentry attribute whose value refers to the
controlling subschema entry (or subentry).

I note that one should whenever possible read the subschemaSubentry
from the object they wish to modify (or from its parent if adding
a new entry) as different entries may be controlled by different
subschemas.

I also note that LDAPv3 schema discovery, in particular the semantics
of the subschemaSubentry attribute of the Root DSE, will likely
be updated by the IETF as the defined mechanism is known to be
flawed in numerous ways (see IETF LDAPext and LDAPbis WG mailing lists
<http://www.ietf.org/>).

>So if that is the case then
>
>ldapsearch -b "" -s base "(objectClass=*)" should return all the object classes within the LDAP server.
>Correct?



No. It should return all non-operational attributes of the root DSE.

Please see the archives for further details on how to read the
controlling subschema of an object.


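The two-step lookup discussed in this thread (read subschemaSubentry from the entry, then do a base search of that DN with the "(objectClass=subschema)" filter from the RFC 2251 passage), as an added example that is not part of the original messages. It assumes OpenLDAP's ldapsearch with anonymous read access; the server URI, the `cn=Subschema` value and both LDIF samples are constructed for illustration, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Step 1: base search of the entry (here the root DSE), asking for
#         subschemaSubentry by name, since it is an operational attribute.
# Step 2: base search of that DN with "(objectClass=subschema)", asking for
#         objectClasses by name.

# Undo LDIF line folding: a line starting with one space continues the previous one.
unfold() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1         { print buf }
                      { buf = $0 }
       END            { if (NR) print buf }'
}

# Print the DN held in subschemaSubentry (LDIF on stdin; base64 "::" values not handled).
subschema_dn() {
  unfold | awk 'tolower($1) == "subschemasubentry:" { sub(/^[^:]*: */, ""); print; exit }'
}

# Print the first NAME of every objectClasses value (LDIF on stdin).
objectclass_names() {
  unfold | sed -n "s/^objectClasses: [^']* NAME (\{0,1\} *'\([^']*\)'.*/\1/p"
}

# Live lookup. Assumes OpenLDAP's ldapsearch and anonymous read access.
discover() {
  uri=$1   # e.g. ldap://ldap.example.com (placeholder)
  dn=$(ldapsearch -x -LLL -H "$uri" -b "" -s base "(objectClass=*)" subschemaSubentry | subschema_dn)
  [ -n "$dn" ] || { echo "server returned no subschemaSubentry" >&2; return 1; }
  ldapsearch -x -LLL -H "$uri" -b "$dn" -s base "(objectClass=subschema)" objectClasses |
    objectclass_names
}

# Constructed sample responses (not captured from a real server).
ROOT_DSE_LDIF='dn:
subschemaSubentry: cn=Subschema'
SUBSCHEMA_LDIF="dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'per
 son' SUP top STRUCTURAL MUST ( sn \$ cn ) )
objectClasses: ( 1.1.2.2.1 NAME ( 'exampleClass' 'exClass' ) SUP top AUXILIARY )"

if [ "${1:-}" = "--live" ]; then
  discover "$2"
else
  printf '%s\n' "$ROOT_DSE_LDIF" | subschema_dn
  printf '%s\n' "$SUBSCHEMA_LDIF" | objectclass_names
fi
```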