[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: attribute type is operational?
Hi,
Piotr Wadas <pwadas@jewish.org.pl> writes:
>> > significant in this case)
> So - system is Debian sid i386, openldap is 2.1.26 (package version
> 2.1.26-1). This package is compiled with --enable-aci since 2.1.12-1
> as mentioned in
> http://lists.debian.org/debian-devel-changes/2003/debian-devel-changes-200303/msg02006.html
>
>> Depending on your OpenLDAP version, this attribute exists already. See
>> schema_init.c
>
> I looked there, and found that there are some built-in schemas I didn't
> expect. Well, OK, there are built-in schemas I can't change without
> recompiling, not listed in schemas tab in my ldap browser (gq).
> Whatever:-). So I add this objectclass definition into my local.schema
>
> objectclass ( 1.3.6.1.4.1.10755.1.2.1.6
> NAME 'OpenLDAPacl'
> DESC 'OpenLDAP access control information'
> SUP top STRUCTURAL
> MUST ( objectclass )
> MAY ( OpenLDAPaci ) )
I don't know and don't understand what you are trying to do, but you
don't need this objectclass. The attribute OpenLDAPaci is an
operational attribute already compiled in.
> So? Does it mean that I misunderstood debian-devel and this option
> wasn't set with next release? I guess disabling this option should
> be also mentioned in next accepted openldap2 announces, but didn't
> find such.
I don't know anything about Debian and what Debian is
communicating. But I know that you don't have to write a schema file
for Access Control Information. If you want to set aci's just add the
attribute OpenLDAPaci with appropriate values to each object you
create. For further information
http://www.openldap.org/faq/data/cache/634.html
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de