[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can I read the schema using LDAP?

I've checked around google (searching the archives here rarely produces anything useful) and I found the following comment:

At 04:32 PM 4/4/01 +0200, Stéphane Barbaroux wrote:

Could anyone explain me why the following request :

ldapsearch -D "cn=root,o=sycomore,c=fr" -w secret -h atest02 -p 389 -b
"cn=schema" -s base

does work on Netcape Directory Server 4.1 and Secure Way Ibm 3.2 but not
on Openldap 2.07

Because these LDAP implementations have an entry (or subentry) named "cn=schema" and OpenLDAP doesn't. If you are after the subschema controlling a particular entry, read that entries subschemaSubentry to obtain the name of the subschema subentry. Then read the subschema subentry by issuing a search with scope base and filter (objectClass=subschema) and a list of the operational attributes you want returned.


Which sounds like great information but doesn't mean a thing to me. Does it mean I should be looking for "cn=subschemaSubentry,o=sycomore,c=fr"? Does it mean every entry (all object classes) have a "cn=subschemaSubentry" I can put in front of their DNs?

Also, do you have to have special privileges to read the schema? What DN should I be looking for or what DN should my search base be?

Thomas Gagné wrote:

Is there a way to read the schemas from ldap? If you wanted to build a dynamic UI it would have to know what was posssible for objects and attributes. I haven't noticed a way to do that in the man pages (yet).