The aci attribute is currently defined with a syntax of IA5 String. This syntax only allows 7-bit characters. Now that the server has support for syntax validation, this would prevent one from using international characters in aci rules. This patch defines the aci attribute with the Directory String syntax, which allows any valid UTF8 character.
Y'know, LDAP/X.500 requires that existing schema items must never be changed once they're in use. When you want to change something like this, usually you must define a new attributeType with a new OID for the purpose. Probably not so important given the history of schema checking in this code, but an fyi...
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- 389-devel mailing list 389-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
