HI! I've declared an attribute type like this with LDAP syntax OID: ( 126.96.36.199.4.1.5427.1.3188.8.131.52 NAME 'aeApplicableSOC' DESC 'AE-DIR: structural object classes for which policy is applicable' EQUALITY objectIdentifierMatch SYNTAX 184.108.40.206.4.1.14220.127.116.11.38 X-ORIGIN 'AE-DIR' ) Which is pretty similar to this: ( 18.104.22.168 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 22.214.171.124.4.1.14126.96.36.199.38 ) Now I wonder why I can't use the object class NAMEs instead of the OIDs as attribute or assertion values, e.g. why I can't find the entries with filter (aeApplicableSOC=aeUser). This reminds me a bit of the similar OID vs. NAME issue with 'pwdAttribute' in 'pwdPolicy' entries. Eventual I'd like to have a constraint like this: # check whether appropriate password policy is assigned constraint_attribute structuralObjectClass,pwdPolicySubentry set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC" Ciao, Michael.
Description: S/MIME Cryptographic Signature