--On Wednesday, June 06, 2012 7:06 PM +0200 Jan-Piet Mens <jpmens.dns@gmail.com> wrote:

>> Don't inherit from top.
>
> This entry doesn't have objectClass=top:

Howard is talking about the *schema definition*. Not the entry. However, I don't think his response is quite valid. AUXILIARY OC's traditionally inherit from top. If you look at the standard track schema items included with OpenLDAP, this is quite apparent. There are a ton of examples in core.schema/core.ldif of this very same usage.

Discussed with Howard. That is how the standard track RFCs define those objectClasses, but in general, you don't want to do this with your custom AUX objectClasses. Really the RFC defined oc's should be fixed via another RFC, but fat chance of that happening.
If you truly want to inherit from top for your AUX objectClasses in the schema definition, then add an ACL granting access to the objectClass attribute as one of your first ACL entries.

--Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
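
The ACL placement suggested in the message above, shown as an added slapd.conf fragment that is not part of the original thread. Who is granted access (`users`) and the two later rules are assumptions chosen for illustration; adjust them to local policy.

```conf
# Constructed example: ACL section of a slapd.conf database definition.
# slapd stops at the first "access to <what>" directive that matches the
# target, then at the first "by <who>" clause inside it, so order matters.

# Placed first so no later, broader rule can mask it. read implies search,
# which is what a filter such as (objectClass=...) needs.
# Assumption: authenticated users only. Anonymous binds match no "by"
# clause here and fall through to the implicit "by * none".
access to attrs=objectClass
    by users read

# Assumed typical rule for credentials.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Assumed catch-all. If this were the only rule and it were tighter,
# objectClass would be governed by it instead of the rule at the top.
access to *
    by self write
    by users read
    by * none
```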