[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Server configuration for controls and extends HOWTO

Naresh Verma wrote:
> Thanks Michael for help,
> Please see the inline answers to your queries -
>>> I have spent about 2 weeks searching the web, looking for OpenLDAP
>>> server configurations for supporting the *Controls & extends*.
>> Can you please elaborate which controls and extended
>> operations you're after?
> NKV> I am looking for -
> 2.16.840.1.113730.3.4.2
> 2.16.840.1.113730.3.4.18
> 1.2.840.113556.1.4.1413
> 1.2.840.113556.1.4.1339
> 1.2.840.113556.1.4.319
> 1.2.826.0.1.334810.2.3

If you grabbed these OIDs from rootDSE on ldap://ldap.openldap.org/ you
can also nicely display the OIDs and their meaning with this tool:


>> Which version of OpenLDAP are you using?
> openldap Version     : 2.2.13

That's a pretty old version. I guess many of the controls, ext. ops. and
features are not implemented in this old release.

See below what my local build of OpenLDAP 2.3.7 lists (web2ldap's output).

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com

-------------------------------- snip --------------------------------

supportedControl >>
    Proxied Authorization (version 2) (2.16.840.1.113730.3.4.18):
    For assuming the identity of another entry for the duration of a
    request. (see draft-weltman-ldapv3-proxy-06.txt)
    ManageDsaIT (2.16.840.1.113730.3.4.2):
    (see RFC 3296)
    Subentries (
    (see RFC 3672)
    LDAP_SERVER_SEARCH_OPTIONS_OID (1.2.840.113556.1.4.1340):
    Search options control (Stateless) (see Platform SDK: DSML
    Services for Windows)
    LDAP_SERVER_PERMISSIVE_MODIFY_OID (1.2.840.113556.1.4.1413):
    Permissive modify control (Stateless) (see Platform SDK: DSML
    Services for Windows)
    LDAP_SERVER_DOMAIN_SCOPE_OID (1.2.840.113556.1.4.1339):
    Domain scope control (Stateless) (see Platform SDK: DSML Services
    for Windows)
    paged Results (1.2.840.113556.1.4.319):
    (see RFC2696)
    valuesReturnFilter (1.2.826.0.1.334810.2.3):
    (see RFC3876)
    LDAP Post-read Control (
    (see draft-zeilenga-ldap-readentry-04.txt)
    LDAP Pre-read Control (
    (see draft-zeilenga-ldap-readentry-04.txt)
    Assertion Control (
    (see draft-zeilenga-ldap-assert-05.txt)

supportedExtension >>
    Start TLS (
    (see RFC 2830)
    Modify Password (
    modification of user passwords (see RFC 3062)
    Who am I? (
    (see draft-zeilenga-ldap-authzid-10.txt)

supportedFeatures >>
    Modify-Increment (
    (see draft-zeilenga-ldap-incr-01.txt)
    All Operational Attributes (
    Provide a simple mechanism which clients may use to request the
    return of all operational attributes. (see RFC 3673)
    OC AD Lists (
    Return of all attributes of an object class (see
    True/False filters (
    absolute True (&) and False (|) filters (see
    Language Tag Options (
    storing attributes with language tag options in the DIT (see RFC
    Language Range Options (
    language range matching of attributes with language tag options
    stored in the DIT (see RFC 3866)