On 6/6/2012 9:03 μμ, Quanah Gibson-Mount wrote:
Discussed with Howard. That is how the standard track RFCs define those objectClasses, but in general, you don't want to do this with your custom AUX objectClasses. Really the RFC defined oc's should be fixed via another RFC, but fat chance of that happening.
If you truly want to inherit from top for your AUX objectClases in the schema definition, then add an ACL granting access to the objectClass attribute as one of your first ACL entries.
OK, I removed "SUP top" from the schema definition (following above recommendation and hoping that I am not going to drive into any issue down the road), and now it works as expected.
Since it is not uncommon for admins to create/use custom schemas (even not being experts in LDAP RFCs), it might be useful to put together (at the project's convenience) a short list of such considerations for us poor LDAP men. :-)
Thank you for all the help.
Regards, Nick