Re: unable to access schema via LDAP
Pierangelo Masarati wrote:
> > Hello,
> > I want to read the schema of my OpenLDAP server but there doesn't seem
> > to be an object called cn=schema. OpenLDAP log extract:
> > Aug 31 10:50:12 vasco slapd: conn=253 op=2 SRCH base="cn=schema"
> > scope=0 filter="(objectClass=*)"
> > Aug 31 10:50:12 vasco slapd: conn=253 op=2 SRCH
> > attr=objectclasses 184.108.40.206 attributetypes 220.127.116.11
> > Aug 31 10:50:12 vasco slapd: conn=253 op=2 RESULT tag=101 err=32
> > text=
> > The application that needs to read the schema (IDM2.0.1/dirxml) doesn't
> > give any choice whether to search for the schema in a different object.
> > How can I make the schema available through cn=schema?
> 1) Fix the application (ask your vendor for support/bugfix); or
> 2) Fix slapd:
> 2a) change the definition of the name of the schema entry; or
> 2b) proxy the server via back-ldap and suffixmassage cn=schema
> into cn=subschema; or
> 2c) use the global overlays feature of slapd in HEAD to
> rename cn=schema into cn=subschema by means of the rwm overlay
Would there ever be a valid reason not to give a client the ability to
'see' the schema? I'm thinking security here.
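
An added example, not part of the original messages: err=32 in the quoted log is LDAP noSuchObject, and slapd ties each SRCH line to its RESULT through the conn/op pair, so clients that look for the schema at a hard-coded DN can be found by correlating on that key. The sample log is constructed (modelled on the excerpt above, with lines unwrapped), and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample log, modelled on the excerpt quoted above (lines unwrapped).
SAMPLE_LOG = """\
Aug 31 10:50:12 vasco slapd: conn=253 op=2 SRCH base="cn=schema" scope=0 filter="(objectClass=*)"
Aug 31 10:50:12 vasco slapd: conn=253 op=2 SRCH attr=objectclasses attributetypes
Aug 31 10:50:12 vasco slapd: conn=253 op=2 RESULT tag=101 err=32 text=
Aug 31 10:50:14 vasco slapd: conn=254 op=1 SRCH base="" scope=0 filter="(objectClass=*)"
Aug 31 10:50:14 vasco slapd: conn=254 op=1 SRCH attr=subschemaSubentry
Aug 31 10:50:14 vasco slapd: conn=254 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 31 10:50:14 vasco slapd: conn=254 op=2 SRCH base="cn=Subschema" scope=0 filter="(objectClass=subschema)"
Aug 31 10:50:14 vasco slapd: conn=254 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

SRCH_BASE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d)')
SRCH_ATTR = re.compile(r'conn=(\d+) op=(\d+) SRCH attr=(.*)$')
# Accept both "RESULT" and "SEARCH RESULT"; tag=101 is the search-done response.
RESULT = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=101 err=(\d+)')

Search = namedtuple("Search", "conn op base scope attrs err")

def correlate(log_text):
    """Pair each SRCH line with its RESULT using the (conn, op) key."""
    pending, done = {}, []
    for line in log_text.splitlines():
        if m := SRCH_BASE.search(line):
            key = (int(m[1]), int(m[2]))
            pending[key] = {"base": m[3], "scope": int(m[4]), "attrs": []}
        elif m := SRCH_ATTR.search(line):
            key = (int(m[1]), int(m[2]))
            if key in pending:
                pending[key]["attrs"] = m[3].split()
        elif m := RESULT.search(line):
            key = (int(m[1]), int(m[2]))
            s = pending.pop(key, None)
            if s:
                done.append(Search(*key, s["base"], s["scope"], s["attrs"], int(m[3])))
    return done

def failed_schema_reads(searches):
    """Base-scope reads of schema attributes that ended in noSuchObject (32)."""
    wanted = {"objectclasses", "attributetypes"}
    return [s for s in searches
            if s.err == 32 and s.scope == 0
            and wanted & {a.lower() for a in s.attrs}]
```

The base DN of each hit shows which entry name the client assumed; conn=254 in the sample is a client that asks the root DSE for subschemaSubentry first and therefore does not appear.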