|
In Section 4.4, there is: "To read schema attributes
from the subschema (sub)entry, clients MUST issue a base object search where the filter is "(objectClass=subschema)" [Filters] and the list of attributes includes the names of the desired schema attributes (as they are operational). This filter allows LDAP servers which gateway to X.500 to detect that subentry information is being requested." The last bit is interesting. This is so the LDAP server knows that the client is reading a subentry as opposed to a directory entry. This presumes that there are cases where the LDAP server needs to know the difference, and this special filter is given as that way.
Earlier in Section 4.2 it says "Servers MAY allow subschema modification. Procedures for subschema modification are discussed in Section 14.5 of [X.501]."
This is new text (was not in RFC 2251). This does not consider the case where the LDAP server needs to know the difference (as above) and doesn't provide a way for the client to convey the difference.
Jim |