Hello,
Do I understand correctly, is the schema of a directory always accessible to its remote users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com | subschemaSubentry: cn=Subschema | | dn: cn=someone,dc=example,dc=com | subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work? Do schema entries have to be explicitly enabled in the ACL as though they were normal entries, or is the schema always visible?
Thanks, -Rick
Rick van Rein (OpenFortress) wrote:
Hello,
Do I understand correctly, is the schema of a directory always accessible to its remote users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com | subschemaSubentry: cn=Subschema | | dn: cn=someone,dc=example,dc=com | subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case depends on your server config.
Howard,
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious that am I missing it?
Note that I tried alternate forms that might work -- like cn=Subschema,dc=example,dc=com -- remotely as well as locally through ldapi / external. Nothing brings out the schema.
Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case depends on your server config.
OK, so I may be doing things wrong on both ends. It'd be really helpful to know what the correct query format is so I can fix any ACL issues.
Thanks, -Rick
--On Monday, April 08, 2013 2:23 PM +0200 "Rick van Rein (OpenFortress)" rick@openfortress.nl wrote:
Howard,
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E | subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious that am I missing it?
Note that I tried alternate forms that might work -- like cn=Subschema,dc=example,dc=com -- remotely as well as locally through ldapi / external. Nothing brings out the schema.
+ vs *
ldapsearch -x -H ldapi:/// -D cn=config -w zimbra -s base -b cn=subschema +
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Howard Chu -
Quanah Gibson-Mount -
Rick van Rein (OpenFortress)