HI! I've declared an attribute type like this with LDAP syntax OID: ( 22.214.171.124.4.1.5427.1.3126.96.36.199 NAME 'aeApplicableSOC' DESC 'AE-DIR: structural object classes for which policy is applicable' EQUALITY objectIdentifierMatch SYNTAX 188.8.131.52.4.1.14184.108.40.206.38 X-ORIGIN 'AE-DIR' ) Which is pretty similar to this: ( 220.127.116.11 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 18.104.22.168.4.1.1422.214.171.124.38 ) Now I wonder why I can't use the object class NAMEs instead of the OIDs as attribute or assertion values, e.g. why I can't find the entries with filter (aeApplicableSOC=aeUser). This reminds me a bit of the similar OID vs. NAME issue with 'pwdAttribute' in 'pwdPolicy' entries. Eventual I'd like to have a constraint like this: # check whether appropriate password policy is assigned constraint_attribute structuralObjectClass,pwdPolicySubentry set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC" Ciao, Michael.
Description: S/MIME Cryptographic Signature