Re: Remote access to the directory schema
Rick van Rein (OpenFortress) wrote:
Hello,
Do I understand correctly, is the schema of a directory always accessible to its remote
users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com
| subschemaSubentry: cn=Subschema
|
| dn: cn=someone,dc=example,dc=com
| subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
Do schema entries have to be
explicitly enabled in the ACL as
though they were normal entries, or is the
schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case
depends on your server config.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/