Re: Add supportedExtensions to LDAP proxy

[Howard Chu <hyc@symas.com>]

Philip Brusten wrote:
> 
> On 7/01/2019 17:59, Howard Chu wrote:
>> Philip Brusten wrote:
>>> On 3/01/2019 18:09, Howard Chu wrote:
>>>> Philip Brusten wrote:
>>>>> Is there a way to allow these extensions on the proxy?
>>>> Write yourself a dynamic module to register those extension OIDs in back-ldap.
>>> So there is no current way to support these extensions via configuration?
>> Extensions, by their very nature, require code to implement them. So no, you cannot
>> configure new functionality into existence without writing your own module.
> In the context of a proxy this is a big overhead. IMHO this should be possible via configuration in case of an LDAP-proxy. It just needs to allow the extension
> to passthrough, not to implement the logic behind it, or is this too short-sighted?

It's not that simple. Advertising a supportedExtension in the rootDSE implies that the
entire server supports them. slapd allows multiple backends to operate at once, and what
you're talking about would only be valid for a single specific back-ldap instance.

The standard format for extended ops doesn't include a DN, and slapd uses the DN to
determine which backend should process an incoming op. So there's no generic way
for slapd to correctly forward an incoming exop to the correct backend, or the proxy backend.
Every op must be handled explicitly and must be at least parsed in order for slapd to
be able to route it.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/