[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Server-Side Sort Overlay ordering problems



On Fri, Jan 15, 2010 at 1:30 PM, Diego Lima <lists@diegolima.org> wrote:
> Hi,
>
> 2010/1/15 Quanah Gibson-Mount <quanah@zimbra.com>
>>
>> --On Friday, January 15, 2010 12:06 PM -0500 Edward Capriolo
>> <edlinuxguru@gmail.com> wrote:
>>
>>> Diego,
>>>
>>> You and I have the same issue. UID and CN are not in the schema they
>>> are compiled into LDAP some how, so there is no way to apply an
>>> ordering rule. I can not find if this is possible, or what is involved
>>> in making it happen.
>
> I'm currently testing a quick and dirty hack that I made to
> servers/slapd/schema_prep.c:
> --- schema_prep.c.ori 2010-01-15 13:28:04.000000000 -0200
> +++ /root/openldap-2.4.21/servers/slapd/schema_prep.c 2010-01-15
> 13:04:56.000000000 -0200
> @@ -915,6 +915,7 @@ static struct slap_schema_ad_map {
>   offsetof(struct slap_internal_schema, si_ad_name) },
>   { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) "
>   "DESC 'RFC4519: common name(s) for which the entity is known by' "
> + "ORDERING caseIgnoreOrderingMatch "
>   "SUP name )",
>   NULL, 0,
>   NULL, NULL,
> @@ -924,6 +925,7 @@ static struct slap_schema_ad_map {
>   "DESC 'RFC4519: user identifier' "
>   "EQUALITY caseIgnoreMatch "
>   "SUBSTR caseIgnoreSubstringsMatch "
> + "ORDERING caseIgnoreOrderingMatch "
>   "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
>   NULL, 0,
>   NULL, NULL,
>
> By making these changes I've been able to get around my current problem, but
> it might not be as stable as you expect.
>
>>
>> You can find these attributes defined in the code in servers/slapd.
>>
>> However, I will note, the definitions of these attributes are RFC defined.
>> They have no ORDERING rule on purpose.
>>
>> --Quanah
>
> Thanks for the input Quanah, but the problem is we have some legacy
> applications that used a really old LDAP server where this was allowed. I'm
> trying to migrate the server (that's a fedora directory from fedora 6) to a
> new openldap-based one. I must, however, maintain compatibility with the
> existing applications.
> Is there any problem (despite not being RFC-compliant) on enabling ordering
> on these attributes?
>
> --
> Diego Lima
>

So I have implemented this patch.

Now my client greats me with: Unavailable critical extension
I see this in the log


@400000004b5a1ea4146c62cc => get_ctrls: oid="1.2.840.113556.1.4.473"
(noncritical)
@400000004b5a1eb912121b34 => get_ctrls: oid="1.2.840.113556.1.4.473" (critical)

I find this as advice:

http://www.openldap.org/lists/openldap-software/200408/msg00321.html

access to dn.exact="" attrs=supportedControl val=1.2.840.113556.1.4.319
   by * none


Yet this does not work:

@400000004b5a2339219ce584 /usr/local/openldap/etc/openldap/slapd.conf:
line 44: attr "supportedControl" does not have an EQUALITY matching
rule.

This address book thing is totally whipping my rear.

I am configured like so:

 addConfOpt  "--prefix=/usr/local/openldap"  #base of the installation
  addConfOpt  "--enable-debug=yes"
  addConfOpt  "--enable-ip6=no"
  addConfOpt  "--enable-crypt=yes"
  addConfOpt  "--enable-wrapper=yes"
  addConfOpt  "--enable-module=yes"
  addConfOpt  "--enable-bdb=yes"
  addConfOpt  "--enable-shell=yes"
  addConfOpt  "--enable-null=yes"
  addConfOpt  "--enable-overlays=yes"
  addConfOpt  "--enable-shared=yes"
  addConfOpt  "--with-threads=yes"
  addConfOpt  "--with-tls"
  addConfOpt  "--enable-sssvlv" # need this for server side sorting
outlook address book

Unless someone else can tell me they have this working I will give up.

Thanks,
Ed