HI! I've declared an attribute type like this with LDAP syntax OID: ( 1.3.6.1.4.1.5427.1.389.100.4.18 NAME 'aeApplicableSOC' DESC 'AE-DIR: structural object classes for which policy is applicable' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'AE-DIR' ) Which is pretty similar to this: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) Now I wonder why I can't use the object class NAMEs instead of the OIDs as attribute or assertion values, e.g. why I can't find the entries with filter (aeApplicableSOC=aeUser). This reminds me a bit of the similar OID vs. NAME issue with 'pwdAttribute' in 'pwdPolicy' entries. Eventual I'd like to have a constraint like this: # check whether appropriate password policy is assigned constraint_attribute structuralObjectClass,pwdPolicySubentry set "this/structuralObjectClass & this/pwdPolicySubentry/aeApplicableSOC" Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature