We currently use oidValidate() in the hardcoded definition of attributes like dITContentRules, matchingRules, attributeTypes, objectClasses, nameForms, matchingRuleUse. However, this only looks correct as a validator for an assertion value of the related syntaxes, while it fails for valid attribute values. I understand this is a moot point, since we do not allow direct writing of cn=subschema and subschema subentries in general. However this causes, for example, an incorrect error to be returned when one attempts to write, for example, cn=subschema.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------