view all possible attributes of an objectClass for LDAP

Solution 1:

You're looking for the subschemaSubentry.
RFC 2252 Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions

5.1.5. subschemaSubentry

The value of this attribute is the name of a subschema entry (or subentry if the server is based on X.500(93)) in which the server makes available attributes specifying the schema.

( 2.5.18.10 NAME 'subschemaSubentry'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
  SINGLE-VALUE USAGE directoryOperation )

You can find it like so:

$ ldapsearch -s base -b '' subschemaSubentry
dn:
subschemaSubentry: cn=Subschema

$ ldapsearch -s base -b cn=Subschema objectClasses

As a one line:

# -LLL drops the comment, "search:" and "result:" lines that the sed would otherwise leave in
ldapsearch -LLL -s base -b "$(ldapsearch -LLL -s base -b '' subschemaSubentry | sed '/^dn:/d;/^$/d;s/^subschemaSubentry: //')" objectClasses

If you're scripting in bash and your version of ldapsearch supports it, -o ldif-wrap=no will mean that you don't have to parse ldif line wrapping.


cn=schema,cn=config, while handy, is usually unavailable under OpenLDAP due to access controls inherited from cn=config.

Solution 2:

This is what I use to show the schema of a specific objectClass, such as organizationalRole

$ ldapsearch -s base -b cn=Subschema objectClasses -LLL -o ldif-wrap=no |\
  sed -nr '/organizationalRole/ p' | sed -r 's/[$()]+/\n /g'
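
The sed pipelines above show a single objectClass definition as the server stores it, but the attributes an entry of that class may actually carry also include everything inherited through the SUP chain (inetOrgPerson gets sn, cn and userPassword from person, for example). The script below is an added example, not code from either answer: it takes the LDIF that `ldapsearch -s base -b cn=Subschema objectClasses -LLL` prints, unfolds LDIF line wrapping in case `-o ldif-wrap=no` was not available, parses the NAME/SUP/MUST/MAY tokens of each definition, and walks the SUP chain to give the complete MUST and MAY sets. The embedded schema text is a constructed, abridged sample of the standard classes, not output captured from a real server.

```python
"""Resolve every attribute an objectClass can carry, including those
inherited through its SUP chain.

Added example, not code from the original answers. It parses the LDIF that
`ldapsearch -s base -b cn=Subschema objectClasses -LLL` prints; the schema
text below is a constructed, abridged sample of the standard classes.
"""
import re
import sys
from typing import Dict, List, Set, Tuple

# Constructed sample, abridged from the RFC 4519 / RFC 2798 definitions. The
# organizationalRole line is folded the way ldapsearch folds long lines when
# -o ldif-wrap=no is not given, to show that unfold() handles it.
SAMPLE_LDIF = """\
dn: cn=Subschema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ telephoneNumber $ postalAddress $ ou $ l ) )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( displayName $ givenName $ mail $ uid $ userCertificate ) )
objectClasses: ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
  MAY ( telephoneNumber $ seeAlso $ roleOccupant $ postalAddress $ ou $ l $ description ) )
"""


def unfold(ldif: str) -> List[str]:
    """Join LDIF continuation lines (RFC 2849: a line starting with one space
    continues the previous line) so each attribute value is on one line."""
    out: List[str] = []
    for line in ldif.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out


def _values(keyword: str, defn: str) -> Tuple[str, ...]:
    """Return the value(s) after KEYWORD in a schema definition: either a bare
    token (MUST cn) or a parenthesised list (MAY ( a $ b ), NAME ( 'x' 'y' ))."""
    m = re.search(rf"\b{keyword}\s+(?:\(\s*([^)]*)\)|(\S+))", defn)
    if not m:
        return ()
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return tuple(t.strip("'") for t in re.split(r"[\s$]+", body.strip()) if t)


def parse_object_classes(ldif: str) -> Dict[str, dict]:
    """Map every objectClass name to its SUP list and MUST/MAY attribute sets."""
    classes: Dict[str, dict] = {}
    for line in unfold(ldif):
        if not line.startswith("objectClasses: "):
            continue
        defn = line[len("objectClasses: "):]
        # DESC text is free-form and could contain the keywords we search for.
        defn = re.sub(r"DESC\s+'[^']*'", "", defn)
        entry = {
            "sup": _values("SUP", defn),
            "must": set(_values("MUST", defn)),
            "may": set(_values("MAY", defn)),
        }
        for name in _values("NAME", defn):
            classes[name] = entry
    return classes


def all_attributes(classes: Dict[str, dict], name: str,
                   _seen: Set[str] = None) -> Tuple[Set[str], Set[str]]:
    """Union MUST and MAY over NAME and its whole SUP chain. Handles multiple
    superiors, skips classes already visited (guards a cyclic SUP), and raises
    KeyError for a class the schema does not define."""
    if _seen is None:
        _seen = set()
    if name in _seen:
        return set(), set()
    _seen.add(name)
    entry = classes.get(name)
    if entry is None:
        raise KeyError(f"objectClass {name!r} is not defined in this schema")
    must, may = set(entry["must"]), set(entry["may"])
    for parent in entry["sup"]:
        p_must, p_may = all_attributes(classes, parent, _seen)
        must |= p_must
        may |= p_may
    # An attribute that is MUST anywhere in the chain is required overall.
    return must, may - must


if __name__ == "__main__":
    # Pipe real `ldapsearch ... objectClasses -LLL` output in to use it;
    # otherwise the constructed sample above is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LDIF
    target = sys.argv[1] if len(sys.argv) > 1 else "organizationalRole"
    must, may = all_attributes(parse_object_classes(text), target)
    print(f"{target} MUST: {', '.join(sorted(must))}")
    print(f"{target} MAY:  {', '.join(sorted(may))}")
```

Usage: `ldapsearch -s base -b cn=Subschema objectClasses -LLL | python3 schema_attrs.py inetOrgPerson` (the filename is assumed). The unfold step is what the answer's `-o ldif-wrap=no` remark is about; running the parser over unfolded lines means the script works on servers whose ldapsearch lacks that option.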

Solution 3:

It has been a long time since I worked with LDAP, but I think that each LDAP server may expose the schema in a certain suffix.

I think in OpenLDAP you can search in base "cn=schema, cn=config" to find the current schema. Try something like ldapsearch -x -s sub -b "cn=schema,cn=config" '(objectclass=*)' to see what you get. (Haven't tested this command line, but you get the point...)

From a developer's perspective, I would expect that the correct schema is there, and handle the exception of objectclass violation as if it was any kind of error.

I think that altering the schema is not something that should be handled by the application that adds/deletes data but by the installation procedure of the software.