rein@OpenLDAP.org wrote:

Full_Name: Rein Tollevik Version: CVS HEAD OS: Irrelevant URL: Submission from: (NULL) (2a01:600:0:1:21c:23ff:feab:61cd) Submitted by: rein

Some of the operational attributes defined in the slapd source are hidden from the clients unless slapd is compiled with LDAP_DEVEL enabled. Still, some of these elements are used in the database (as in the authz* and monitor related attributes).

Yes, see also: http://www.openldap.org/its/index.cgi?findid=5573 http://www.openldap.org/its/index.cgi?findid=5574 http://www.openldap.org/its/index.cgi?findid=5576

IIRC also a bunch of attribute types used in back-config which makes back-config almost unusable with a stock schema aware client.

The standard answer by Kurt and others is that as along as an experimental OID with .666 is used a schema description should be hidden. I strongly disagree with that though.

This causes my schema-aware application to complain when it sees (or worse tries to modify) these attributes.

(Sigh!) I also had to add several work-arounds to web2ldap regarding this.

A patch that adds a new optional define that can be used to disable the schema hiding without enabling LDAP_DEVEL is coming.

Looking forward to this being committed.

A better fix would be to not hide those schema elements that is actually being used..

Amen.

Ciao, Michael.