[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Server configuration for controls and extends HOWTO



Hi Michael,

You got me right, I took those OIDs from the openLDAP site (and thanks for the URL)...

I have installed the $OpenLDAP: slapd 2.3.7 on my system; but I still can not see the supported Controls on the server. I am trying to test the controls functionality of my LDAP client for the controls and am not able to get those on my server.

Please hint me as for a newbie as to how can I get these available on my openLDAP server.

Thanks a lot for your help...
Naresh

----- Original Message ----- From: "Michael Ströder" <michael@stroeder.com>
To: "Naresh Verma" <ixnaresh@gmail.com>
Cc: <OpenLDAP-software@OpenLDAP.org>
Sent: Friday, September 23, 2005 4:05 PM
Subject: Re: OpenLDAP Server configuration for controls and extends HOWTO



Naresh Verma wrote:
Thanks Michael for help,

Please see the inline answers to your queries -

I have spent about 2 weeks searching the web, looking for OpenLDAP
server configurations for supporting the *Controls & extends*.


Can you please elaborate which controls and extended
operations you're after?

NKV> I am looking for - 2.16.840.1.113730.3.4.2 2.16.840.1.113730.3.4.18 1.3.6.1.4.1.4203.666.5.6 1.3.6.1.4.1.4203.1.10.2 1.3.6.1.4.1.4203.1.10.1 1.2.840.113556.1.4.1413 1.2.840.113556.1.4.1339 1.2.840.113556.1.4.319 1.2.826.0.1.334810.2.3

If you grabbed these OIDs from rootDSE on ldap://ldap.openldap.org/ you can also nicely display the OIDs and their meaning with this tool:

http://mstroeder.homeip.net:1760/web2ldap?ldap://ldap.openldap.org/

Which version of OpenLDAP are you using?

openldap Version : 2.2.13

That's a pretty old version. I guess many of the controls, ext. ops. and features are not implemented in this old release.

See below what my local build of OpenLDAP 2.3.7 lists (web2ldap's output).

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com

-------------------------------- snip --------------------------------

supportedControl >>
   Proxied Authorization (version 2) (2.16.840.1.113730.3.4.18):
   For assuming the identity of another entry for the duration of a
   request. (see draft-weltman-ldapv3-proxy-06.txt)
   ManageDsaIT (2.16.840.1.113730.3.4.2):
   (see RFC 3296)
   Subentries (1.3.6.1.4.1.4203.1.10.1):
   (see RFC 3672)
   LDAP_SERVER_SEARCH_OPTIONS_OID (1.2.840.113556.1.4.1340):
   Search options control (Stateless) (see Platform SDK: DSML
   Services for Windows)
   LDAP_SERVER_PERMISSIVE_MODIFY_OID (1.2.840.113556.1.4.1413):
   Permissive modify control (Stateless) (see Platform SDK: DSML
   Services for Windows)
   LDAP_SERVER_DOMAIN_SCOPE_OID (1.2.840.113556.1.4.1339):
   Domain scope control (Stateless) (see Platform SDK: DSML Services
   for Windows)
   paged Results (1.2.840.113556.1.4.319):
   (see RFC2696)
   valuesReturnFilter (1.2.826.0.1.334810.2.3):
   (see RFC3876)
   LDAP Post-read Control (1.3.6.1.1.13.2):
   (see draft-zeilenga-ldap-readentry-04.txt)
   LDAP Pre-read Control (1.3.6.1.1.13.1):
   (see draft-zeilenga-ldap-readentry-04.txt)
   Assertion Control (1.3.6.1.1.12):
   (see draft-zeilenga-ldap-assert-05.txt)

supportedExtension >>
   Start TLS (1.3.6.1.4.1.1466.20037):
   (see RFC 2830)
   Modify Password (1.3.6.1.4.1.4203.1.11.1):
   modification of user passwords (see RFC 3062)
   Who am I? (1.3.6.1.4.1.4203.1.11.3):
   (see draft-zeilenga-ldap-authzid-10.txt)

supportedFeatures >>
   Modify-Increment (1.3.6.1.1.14):
   (see draft-zeilenga-ldap-incr-01.txt)
   All Operational Attributes (1.3.6.1.4.1.4203.1.5.1):
   Provide a simple mechanism which clients may use to request the
   return of all operational attributes. (see RFC 3673)
   OC AD Lists (1.3.6.1.4.1.4203.1.5.2):
   Return of all attributes of an object class (see
   draft-zeilenga-ldap-adlist-11.txt)
   True/False filters (1.3.6.1.4.1.4203.1.5.3):
   absolute True (&) and False (|) filters (see
   draft-zeilenga-ldap-t-f-10.txt)
   Language Tag Options (1.3.6.1.4.1.4203.1.5.4):
   storing attributes with language tag options in the DIT (see RFC
   3866)
   Language Range Options (1.3.6.1.4.1.4203.1.5.5):
   language range matching of attributes with language tag options
   stored in the DIT (see RFC 3866)