Schema support
Michael Ströder
michael at stroeder.com
Thu Apr 4 23:51:54 CEST 2002
Hans Aschauer wrote:
>
> Ok, I went back to RFC 2251. That's how I understand it (please correct
> me when I'm wrong):
>
> Sec. 3.4:
> We can query the RootDSE for the subschemaSubentry attribute, which
> tells us which "subschema entries (or subentries) [are] known by this
> server":
>
> [aschauer at pygar]$ldapsearch -LLL -x -b "" -s base "(objectclass=*)" \
> subschemaSubentry
> dn:
> subschemaSubentry: cn=Subschema
Hmm, BTW it does not clarify how a client should deal with a multi-valued
subschemaSubentry attribute. Should schemas be used exclusive-or or joined.
That's another interesting topic to be discussed in IETF ldap-bis WG.
> So, as far as I understand it, we should first query the rootDSE for
> the subschema (sub)entries, and use the results as search bases for
> querying the schema information.
Take also a look at section 3.2.1.:
--------------- snip -----------------
3.2.1. Attributes of Entries
[..]
Entries MAY contain, among others, the following operational
attributes, defined in [5]. These attributes are maintained
automatically by the server and are not modifiable by clients:
[..]
- subschemaSubentry: the Distinguished Name of the subschema entry
(or subentry) which controls the schema for this entry.
--------------- snip -----------------
So my conclusion is that an application should first try to query
operational attribute subschemaSubentry for a particular entry and fall-back
to the subschemaSubentry attribute in the root DSE to find out the location
of sub schema sub entry in the DIT. Puh...
I guess I will start a discussion about that on the ldap-bis list.
Ciao, Michael.
More information about the python-ldap
mailing list