Re: Can I read the schema using LDAP?

[Thomas Gagné <tgagne@wideopenwest.com>]

I've checked around google (searching the archives here rarely produces 
anything useful) and I found the following comment:

At 04:32 PM 4/4/01 +0200, Stéphane Barbaroux wrote:
> Hi,
>
> Could anyone explain me why the following request :
>
> ldapsearch -D "cn=root,o=sycomore,c=fr" -w secret -h atest02 -p 389 -b
> "cn=schema" -s base
>
> does work on Netcape Directory Server 4.1 and Secure Way Ibm 3.2 but not
> on Openldap 2.07

Because these LDAP implementations have an entry (or subentry)
named "cn=schema" and OpenLDAP doesn't.  If you are after the
subschema controlling a particular entry, read that entries
subschemaSubentry to obtain the name of the subschema subentry.
Then read the subschema subentry by issuing a search with
scope base and filter (objectClass=subschema) and a list of
the operational attributes you want returned.

Kurt
 

Which sounds like great information but doesn't mean a thing to me.  
Does it mean I should be looking for 
"cn=subschemaSubentry,o=sycomore,c=fr"?  Does it mean every entry (all 
object classes) have a "cn=subschemaSubentry" I can put in front of 
their DNs?

Also, do you have to have special privileges to read the schema?  What 
DN should I be looking for or what DN should my search base be?



Thomas Gagné wrote:

> Is there a way to read the schemas from ldap?  If you wanted to build 
> a dynamic UI it would have to know what was posssible for objects and 
> attributes.  I haven't noticed a way to do that in the man pages (yet).