Re: Resolving groups (neophyte question)

[Mark Smith <mcs@netscape.com>]

Julio Sánchez Fernández wrote:
> 
> Mark Smith wrote:
> 
> > It is standard practice for LDAP clients to use the filter
> > "(objectclass=*)" when reading entries; so much so that this has been
> > baked into recent C LDAP API Internet Drafts such that passing NULL for
> > the filter argument to the ldap_search() functions means 'use the filter
> > "(objectclass=*)".'
> 
> And RFC2251, section 4.5.1 ends with a paragraph sanctifying this.  Except
> when reading subschema subentries, objectclass=* is the canonical way.

I know you meant to say "(objectclass=subschema)" but others might be
confused.  From RFC 2251 section 3.2):

>    Clients MUST only retrieve attributes from a subschema entry by
>    requesting a base object search of the entry, where the search filter
>    is "(objectClass=subschema)". (This will allow LDAPv3 servers which
>    gateway to X.500(93) to detect that subentry information is being
>    requested.)

-- 
Mark Smith
Directory Architect / Netscape Communications Corp.
My words are my own, not my employer's.  Got LDAP?