Quanah Gibson-Mount wrote: > --On Wednesday, June 06, 2012 7:06 PM +0200 Jan-Piet Mens > <jpmens.dns@gmail.com> wrote: > >>> Don't inherit from top. >> >> This entry doesn't have objectClass=top: > > Howard is talking about the *schema definition*. Not the entry. > > However, I don't think his response is quite valid. AUXILIARY OC's > traditionally inherit from top. If you look at the standard track schema > items included with OpenLDAP, this is quite apparent. > > There are a ton of examples in core.schema/core.ldif of this very same usage. Yes. That's why I suggested to work around this by adding an ACL for attribute 'objectClass' *before* all other ACLs containing attrs=@objectClassName. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature