Rick van Rein (OpenFortress) wrote:
Hello,
Do I understand correctly, is the schema of a directory always accessible to
its remote users?
Because when I request
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com subschemaSubentry
I get entries like
| dn: dc=example,dc=com
| subschemaSubentry: cn=Subschema
|
| dn: cn=someone,dc=example,dc=com
| subschemaSubentry: cn=Subschema
but when I then try things like
| ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true
cn=Subschema
I get no results. How should this work?
Read the ldapsearch(1) manpage and fix your search request.
Do schema entries have to be
explicitly enabled in the ACL as though they were normal entries, or is the
schema always visible?
Everything *may* be hidden by ACLs, but whether that's true in your case
depends on your server config.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
