2:42 a.m.
Hello,
Do I understand correctly, is the schema of a directory always accessible to its remote
users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com
| subschemaSubentry: cn=Subschema
|
| dn: cn=someone,dc=example,dc=com
| subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work? Do schema entries have to be explicitly enabled
in the ACL as though they were normal entries, or is the schema always visible?
Thanks,
-Rick
4:30 a.m.
Rick van Rein (OpenFortress) wrote:
Hello,
Do I understand correctly, is the schema of a directory always accessible to its remote
users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com
| subschemaSubentry: cn=Subschema
|
| dn: cn=someone,dc=example,dc=com
| subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
Do schema entries have to be
explicitly enabled in the ACL as
though they were normal entries, or is the
schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case
depends on your server config.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5:23 a.m.
Howard,
> | ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E
subentries=true cn=Subschema
>
> I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious that am I missing
it?
Note that I tried alternate forms that might work -- like cn=Subschema,dc=example,dc=com
-- remotely as well as locally through ldapi / external.
Nothing brings out the schema.
> Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the
schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case depends on
your server config.
OK, so I may be doing things wrong on both ends. It'd be really helpful to know what
the correct query format is so I can fix any ACL issues.
Thanks,
-Rick
7:41 a.m.
--On Monday, April 08, 2013 2:23 PM +0200 "Rick van Rein (OpenFortress)"
<rick(a)openfortress.nl> wrote:
Howard,
>> | ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E
>> | subentries=true cn=Subschema
>>
>> I get no results. How should this work?
>
> Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious
that am I missing it?
Note that I tried alternate forms that might work -- like
cn=Subschema,dc=example,dc=com -- remotely as well as locally through
ldapi / external. Nothing brings out the schema.
+ vs *
ldapsearch -x -H ldapi:/// -D cn=config -w zimbra -s base -b cn=subschema +
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
3712
days inactive
3712
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Howard Chu -
Quanah Gibson-Mount -
Rick van Rein (OpenFortress)