[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: requirements for accessing schema in DIT



At 03:31 PM 2/6/2006, Howard Chu wrote:
>Brandon McCombs wrote:
>>What is required to get openldap to allow the schema to be viewed as part of the DIT?
>
>Viewing the schema has been supported since OpenLDAP 2.0. Just look for the subschemasubentry in the rootDSE, same as for any LDAPv3 compliant server.

s/rootDSE/target entry/

The subschemaSubentry of an entry (including the root DSE) provides
the name of subschema subentry controlling that entry.  Though
only a single subschema is allowed in slapd(8), this is a current
slapd(8) specific limitation.  In the X.500/LDAP model, different
entries (even within a naming context) can be controlled by different
subschemas and hence have different subschemaSubentry values.
That is, a client should not rely on values of subschemaSubentry
being the same for all entries (including the root DSE) held by
a server.

This is discussed in Section 4 of draft-ietf-ldapbis-models-xx.txt,
a copy of which is provided in doc/drafts.  (Note that this
document has been approved for publication as a Standards Track
RFC.)

Kurt