On 07/29/2010 01:30 AM, Rudolf Hatheyer wrote:
> Hi,
> I've noticed a difference in behavior between 1.0.x and 1.2.x Version of
> FDS.
> Version 1.2.x will not return the hole schema (without specifying
> attributes objectClasses, matchingRules ).
This change came about from some work to make 389 more standards 
compliant.  The "objectClasses" and "attributeTypes" attributes are 
defined as operational attributes per RFC 4512.  This requires a client 
to explicitly request those attributes (see RFC 4512, section 4.4).  
Unfortunately, there is no easy way to change this behavior.

Is there no way to make ADSI/VBScript request the attributes to return 
when querying the subschema entry?  It seems like this would be a 
problem when using any server that follows the LDAPv3 standards with 
regards to subschema.
> This a problem when querying by use of VBScript (i need this ugly stuff
> in a windows login script to get specific user data from the LDAP). ADSI
> will first do a root-DSE query to determine the provided schema. If the
> server returns no schema, ADSI will allow you to query only standard
> LDAP V2 attributes (and not my special ones).
> Query a Server with Version 1.2.5
> # ./ldapsearch -h -b cn=schema -s base "objectclass=*"
> version: 1
> dn: cn=schema
> objectClass: top
> objectClass: ldapSubentry
> objectClass: subschema
> cn: schema
> Specifying for instance "objectClasses" attribut in the query returns
> the wanted data:
> version: 1
> dn: cn=schema
> objectClasses: ( NAME 'top' ABSTRACT MUST objectClass X-ORIGIN
> 'RFC 45
>   12' )
> objectClasses: ( NAME 'alias' SUP top STRUCTURAL MUST
> aliasedObjectNam
>   e X-ORIGIN 'RFC 4512' )
> objectClasses: ( NAME 'subschema' AUXILIARY MAY (
> dITStructureRules $
>    nameForms $ dITContentRules $ objectClasses $ attributeTypes $
> matchingRule
>   s $ matchingRuleUse ) X-ORIGIN 'RFC 4512' )
> objectClasses: ( NAME 'extensibleObject'
> SUP top
> [...]
> Query a Server with Version 1.0.4
> version: 1
> dn: cn=schema
> objectClass: top
> objectClass: ldapSubentry
> objectClass: subschema
> cn: schema
> objectClasses: ( NAME 'top' DESC 'Standard LDAP objectclass'
>   MUST objectClass X-ORIGIN 'RFC 2256' )
> objectClasses: ( NAME 'alias' DESC 'Standard LDAP objectclass'
> SUP top
>    ABSTRACT MUST aliasedObjectName X-ORIGIN 'RFC 2256' )
> objectClasses: ( NAME 'extensibleObject'
>   APv3 extensible object' SUP top AUXILIARY X-ORIGIN 'RFC 2252' )
>   [...]
> Is there a way to configure the 1.2.x series to get the old behavior?
> Regards, Rudolf

389 users mailing list

Reply via email to