[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: requirements for accessing schema in DIT

To: Howard Chu <hyc@symas.com>
Subject: Re: requirements for accessing schema in DIT
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 06 Feb 2006 16:33:31 -0800
Cc: Brandon McCombs <bmccombs@ma.rr.com>, openldap-software@OpenLDAP.org
In-reply-to: <43E7DC53.1010406@symas.com>
References: <43E7D3CF.3060602@ma.rr.com> <43E7DC53.1010406@symas.com>

At 03:31 PM 2/6/2006, Howard Chu wrote:
>Brandon McCombs wrote:
>>What is required to get openldap to allow the schema to be viewed as part of the DIT?
>
>Viewing the schema has been supported since OpenLDAP 2.0. Just look for the subschemasubentry in the rootDSE, same as for any LDAPv3 compliant server.

s/rootDSE/target entry/

The subschemaSubentry of an entry (including the root DSE) provides
the name of subschema subentry controlling that entry.  Though
only a single subschema is allowed in slapd(8), this is a current
slapd(8) specific limitation.  In the X.500/LDAP model, different
entries (even within a naming context) can be controlled by different
subschemas and hence have different subschemaSubentry values.
That is, a client should not rely on values of subschemaSubentry
being the same for all entries (including the root DSE) held by
a server.

This is discussed in Section 4 of draft-ietf-ldapbis-models-xx.txt,
a copy of which is provided in doc/drafts.  (Note that this
document has been approved for publication as a Standards Track
RFC.)

Kurt

Follow-Ups:
- Re: requirements for accessing schema in DIT
  - From: Howard Chu <hyc@symas.com>

References:
- requirements for accessing schema in DIT
  - From: Brandon McCombs <bmccombs@ma.rr.com>
- Re: requirements for accessing schema in DIT
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Single User Authentication
Next by Date: Re: requirements for accessing schema in DIT
Index(es):
- Chronological
- Thread