Howard,
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious that am I missing it?
Note that I tried alternate forms that might work -- like cn=Subschema,dc=example,dc=com -- remotely as well as locally through ldapi / external. Nothing brings out the schema.
Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case depends on your server config.
OK, so I may be doing things wrong on both ends. It'd be really helpful to know what the correct query format is so I can fix any ACL issues.
Thanks, -Rick