RE: namingContext and defaultNamingContext



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dave Snoopy

> That worked, thanks!
>
> Why the '+'? Is it OpenLDAP breaking the standard by
> needing it, or the other LDAP servers by accepting it?

Sort of, and Yes.

The other LDAP servers are breaking the standard because these are
operational attributes, and operational attributes are not supposed to be
returned in search responses unless they are explicitly requested by name. So
the current standard requires you to search like this:

   ldapsearch -x -h ldaphost -s base -b "" namingContexts

OpenLDAP has added the '+' special attribute type as a wildcard for "all
operational attributes," analogous to '*' which already means "all user
attributes." Currently the '+' symbol is not part of the LDAPv3 standard, so
you could say that this usage breaks the standard. However, this has been
proposed to be adopted into the revised LDAPv3 standard, and it looks like
that will be approved, so... no, not really.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
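
The attribute-selection rules described in the message above, modelled as an added example that is not part of the original post or OpenLDAP's own code. It shows which attributes come back for an empty list, `*`, `+`, both, or an explicitly named operational attribute; the sample root DSE entry, the `OPERATIONAL` set, and the function names are constructed for illustration.

```python
# Added illustration: which attributes a search returns for a given
# requested-attribute list, following the rules in the message above.
# ROOT_DSE and OPERATIONAL are constructed sample data; a real server
# decides what is "operational" from its schema, not a hard-coded set.

ROOT_DSE = {
    "objectClass": ["top", "OpenLDAProotDSE"],
    "namingContexts": ["dc=example,dc=com"],
    "supportedLDAPVersion": ["3"],
    "subschemaSubentry": ["cn=Subschema"],
}
OPERATIONAL = {"namingcontexts", "supportedldapversion", "subschemasubentry"}


def select_attributes(entry, requested):
    """Return the subset of `entry` selected by the `requested` list."""
    wanted = [a.lower() for a in requested]
    all_user = not wanted or "*" in wanted   # an empty list behaves like '*'
    all_oper = "+" in wanted                 # '+' = all operational attributes
    named = {a for a in wanted if a not in ("*", "+")}

    result = {}
    for name, values in entry.items():
        key = name.lower()                   # attribute names are case-insensitive
        is_oper = key in OPERATIONAL
        if key in named or (is_oper and all_oper) or (not is_oper and all_user):
            result[name] = values
    return result


def returned_names(requested):
    """Sorted attribute names returned from the sample root DSE."""
    return sorted(select_attributes(ROOT_DSE, requested))


if __name__ == "__main__":
    for req in ([], ["*"], ["+"], ["*", "+"], ["namingContexts"]):
        print(req or "(no attributes listed)", "->", returned_names(req))
```
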