[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Server configuration for controls and extends HOWTO

Hi Michael,

You got me right, I took those OIDs from the openLDAP site (and thanks for the URL)...

I have installed the $OpenLDAP: slapd 2.3.7 on my system; but I still can not see the supported Controls on the server. I am trying to test the controls functionality of my LDAP client for the controls and am not able to get those on my server.

Please hint me as for a newbie as to how can I get these available on my openLDAP server.

Thanks a lot for your help...

----- Original Message ----- From: "Michael Ströder" <michael@stroeder.com>
To: "Naresh Verma" <ixnaresh@gmail.com>
Cc: <OpenLDAP-software@OpenLDAP.org>
Sent: Friday, September 23, 2005 4:05 PM
Subject: Re: OpenLDAP Server configuration for controls and extends HOWTO

Naresh Verma wrote:
Thanks Michael for help,

Please see the inline answers to your queries -

I have spent about 2 weeks searching the web, looking for OpenLDAP
server configurations for supporting the *Controls & extends*.

Can you please elaborate which controls and extended
operations you're after?

NKV> I am looking for - 2.16.840.1.113730.3.4.2 2.16.840.1.113730.3.4.18 1.2.840.113556.1.4.1413 1.2.840.113556.1.4.1339 1.2.840.113556.1.4.319 1.2.826.0.1.334810.2.3

If you grabbed these OIDs from rootDSE on ldap://ldap.openldap.org/ you can also nicely display the OIDs and their meaning with this tool:


Which version of OpenLDAP are you using?

openldap Version : 2.2.13

That's a pretty old version. I guess many of the controls, ext. ops. and features are not implemented in this old release.

See below what my local build of OpenLDAP 2.3.7 lists (web2ldap's output).

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com

-------------------------------- snip --------------------------------

supportedControl >>
   Proxied Authorization (version 2) (2.16.840.1.113730.3.4.18):
   For assuming the identity of another entry for the duration of a
   request. (see draft-weltman-ldapv3-proxy-06.txt)
   ManageDsaIT (2.16.840.1.113730.3.4.2):
   (see RFC 3296)
   Subentries (
   (see RFC 3672)
   LDAP_SERVER_SEARCH_OPTIONS_OID (1.2.840.113556.1.4.1340):
   Search options control (Stateless) (see Platform SDK: DSML
   Services for Windows)
   LDAP_SERVER_PERMISSIVE_MODIFY_OID (1.2.840.113556.1.4.1413):
   Permissive modify control (Stateless) (see Platform SDK: DSML
   Services for Windows)
   LDAP_SERVER_DOMAIN_SCOPE_OID (1.2.840.113556.1.4.1339):
   Domain scope control (Stateless) (see Platform SDK: DSML Services
   for Windows)
   paged Results (1.2.840.113556.1.4.319):
   (see RFC2696)
   valuesReturnFilter (1.2.826.0.1.334810.2.3):
   (see RFC3876)
   LDAP Post-read Control (
   (see draft-zeilenga-ldap-readentry-04.txt)
   LDAP Pre-read Control (
   (see draft-zeilenga-ldap-readentry-04.txt)
   Assertion Control (
   (see draft-zeilenga-ldap-assert-05.txt)

supportedExtension >>
   Start TLS (
   (see RFC 2830)
   Modify Password (
   modification of user passwords (see RFC 3062)
   Who am I? (
   (see draft-zeilenga-ldap-authzid-10.txt)

supportedFeatures >>
   Modify-Increment (
   (see draft-zeilenga-ldap-incr-01.txt)
   All Operational Attributes (
   Provide a simple mechanism which clients may use to request the
   return of all operational attributes. (see RFC 3673)
   OC AD Lists (
   Return of all attributes of an object class (see
   True/False filters (
   absolute True (&) and False (|) filters (see
   Language Tag Options (
   storing attributes with language tag options in the DIT (see RFC
   Language Range Options (
   language range matching of attributes with language tag options
   stored in the DIT (see RFC 3866)