Re: unable to access schema via LDAP
Pierangelo Masarati wrote:
>
> > Hello,
> >
> > I want to read the schema of my OpenLDAP server but there doesn't seem
> > to be an object called cn=schema. OpenLDAP log extract:
> >
> > Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH base="cn=schema"
> > scope=0 filter="(objectClass=*)"
> > Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH
> > attr=objectclasses 2.5.21.6 attributetypes 2.5.21.5
> > Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 RESULT tag=101 err=32
> > text=
> >
> > The application that needs to read the schema (IDM2.0.1/dirxml) doesn't
> > give any choice whether to search for the schema in a different object.
> > How can I make the schema available through cn=schema?
>
> 1) Fix the application (ask your vendor for support/bugfix); or
>
> 2) Fix slapd:
> 2a) change the definition of the name of the schema entry; or
> 2b) proxy the server via back-ldap and suffixmassage cn=schema
> into cn=subschema; or
> 2c) use the global overlays feature of slapd in HEAD to
> rename cn=schema into cn=subschema by means of the rwm overlay
>
Would there ever be a valid reason not to give a client the ability to
'see' the schema? I'm thinking security here.
Tod
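
Added example, not part of the original thread: in the log extract quoted above, the client asks cn=schema for objectclasses/attributetypes and gets err=32 (noSuchObject). The Python below correlates SRCH and RESULT lines by conn/op to list clients making such failed schema lookups; the sample log is constructed in the quoted format, and the function and variable names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format quoted in the thread (one event per line).
SAMPLE_LOG = """\
Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH base="cn=schema" scope=0 filter="(objectClass=*)"
Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 SRCH attr=objectclasses 2.5.21.6 attributetypes 2.5.21.5
Aug 31 10:50:12 vasco slapd[23739]: conn=253 op=2 RESULT tag=101 err=32 text=
Aug 31 10:51:40 vasco slapd[23739]: conn=254 op=1 SRCH base="cn=Subschema" scope=0 filter="(objectClass=*)"
Aug 31 10:51:40 vasco slapd[23739]: conn=254 op=1 SRCH attr=objectClasses attributeTypes
Aug 31 10:51:40 vasco slapd[23739]: conn=254 op=1 RESULT tag=101 err=0 text=
Aug 31 10:52:03 vasco slapd[23739]: conn=255 op=3 SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(uid=x)"
Aug 31 10:52:03 vasco slapd[23739]: conn=255 op=3 SRCH attr=cn mail
Aug 31 10:52:03 vasco slapd[23739]: conn=255 op=3 RESULT tag=101 err=32 text=
"""

EVENT = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BASE = re.compile(r'SRCH base="([^"]*)" scope=(\d+)')
ATTR = re.compile(r'SRCH attr=(.*)$')
RESULT = re.compile(r'RESULT tag=\d+ err=(\d+)')
# Schema attributes by name and by OID, as requested in the quoted log.
SCHEMA_ATTRS = {"objectclasses", "attributetypes", "2.5.21.6", "2.5.21.5"}
NO_SUCH_OBJECT = 32  # LDAP result code noSuchObject

def failed_schema_lookups(log_text):
    """Return (conn, op, base) for schema searches that ended in noSuchObject."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        rest = m.group(3)
        if (b := BASE.search(rest)):
            ops[key]["base"] = b.group(1)
        elif (a := ATTR.search(rest)):
            ops[key]["attrs"] = {x.lower() for x in a.group(1).split()}
        elif (r := RESULT.search(rest)):
            ops[key]["err"] = int(r.group(1))
    hits = []
    for (conn, op), rec in sorted(ops.items()):
        wants_schema = bool(rec.get("attrs", set()) & SCHEMA_ATTRS)
        if wants_schema and rec.get("err") == NO_SUCH_OBJECT:
            hits.append((conn, op, rec.get("base")))
    return hits

if __name__ == "__main__":
    for conn, op, base in failed_schema_lookups(SAMPLE_LOG):
        print(f"conn={conn} op={op}: schema lookup failed at base={base!r}")
```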