Re: dynlist and DSA IT Control

[Pierangelo Masarati <masarati@aero.polimi.it>]

On 02/07/2012 11:33 AM, Angel L. Mateo wrote:
> Hello,
>
> I have an openldap using dynlist to get some attributes of the entries.
>
> When I manually performs search, I can get these attributes (obtained
> through the dynlist overlay) without any problem, but when an
> application (a CAS server to be precise) tries to do the same search,
> with the same bind dn, I can't see those attributes.
>
> I have used wireshark to check any difference and I have found that the
> only difference between my search and the one made by the application is
> that this one use a control parameter in the search, to be precise the
> control 2.16.840.1.113730.3.4.2..
>
> Then I have checked and I have realized that if I used the -M option
> then I get the same behaviour and I can't get the attributes from the
> dynlist overlay.
>
> As far as I know I can't configure this behaviour in my application
> (although I'm also looking for any way to configure CAS not to use that
> control), so, why openldap does not use the dynlist overlay when this
> dsa it control is used? Is there any way to change this behaviour?

man slapo-dynlist:

           ...  The  above described behavior is disabled when the manâ
ageDSAit control (RFC 3296) is used.  In that case, the contents of the
dynamic  group entry is returned; namely, the URLs are returned instead
of being expanded.

p.

--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano