Howard, >> | ldapsearch -x -h ldap.example.com -b dc=example,dc=com -E subentries=true >> cn=Subschema >> >> I get no results. How should this work? > > Read the ldapsearch(1) manpage and fix your search request.
I read it again, and found no clues that could help. What is so obvious that am I missing it? Note that I tried alternate forms that might work -- like cn=Subschema,dc=example,dc=com -- remotely as well as locally through ldapi / external. Nothing brings out the schema. >> Do schema entries have to be > explicitly enabled in the ACL as though they were normal entries, or is the > schema always visible? > > Everything *may* be hidden by ACLs, but whether that's true in your case > depends on your server config. OK, so I may be doing things wrong on both ends. It'd be really helpful to know what the correct query format is so I can fix any ACL issues. Thanks, -Rick
