[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Server-Side Sort Overlay ordering problems

To: openldap-technical@openldap.org
Subject: Re: Server-Side Sort Overlay ordering problems
From: Edward Capriolo <edlinuxguru@gmail.com>
Date: Fri, 22 Jan 2010 17:25:07 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=sy4UCxsxmmwkI24KnnewxVOnTp67jSTmG0UQMGJugFY=; b=HOVyjrVKL0TgJ3fQi41wWP6WwHkZpWyTWFpLGHG2o3m9d0FR0P9/tQpWyFKfInW4A0 rh7qnLVYNCs+buxHaQF5UQsGPkQy57641CBZ/K3q/pXUfAM7BUthgEIwIbb+GHoOjzb8 3DOBaHo15JUkINK76iM2qagzTaWw5M2bH2VGw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=EoXgQGfon0MS0oQkUdDiUwtB/Zw2luc9X7uzYfW/Qhu6e4Tw8/EXSwAzOwuXvnZcu1 c5LlHn8ZWV9/17kZiNddg8nvoNVoDtdzd3UEB0f+RvyUpFQo8wfGMviLjVE1ve9S5qcO u6JSxtk0u0AbvQ6k+YWU6A7PwPI6AvhgUD7P8=
In-reply-to: <947ae3441001151030y187dcc10q3ff12a71e60c74a1@mail.gmail.com>
References: <947ae3441001150527w34b31c3y6fab1358f041dd49@mail.gmail.com> <cbbf4b571001150906o2b13b20dv2888935ac2b45f9a@mail.gmail.com> <D05D4D82D2D3C9EFA8789804@192.168.1.2> <947ae3441001151030y187dcc10q3ff12a71e60c74a1@mail.gmail.com>

On Fri, Jan 15, 2010 at 1:30 PM, Diego Lima <lists@diegolima.org> wrote:
> Hi,
>
> 2010/1/15 Quanah Gibson-Mount <quanah@zimbra.com>
>>
>> --On Friday, January 15, 2010 12:06 PM -0500 Edward Capriolo
>> <edlinuxguru@gmail.com> wrote:
>>
>>> Diego,
>>>
>>> You and I have the same issue. UID and CN are not in the schema they
>>> are compiled into LDAP some how, so there is no way to apply an
>>> ordering rule. I can not find if this is possible, or what is involved
>>> in making it happen.
>
> I'm currently testing a quick and dirty hack that I made to
> servers/slapd/schema_prep.c:
> --- schema_prep.c.ori 2010-01-15 13:28:04.000000000 -0200
> +++ /root/openldap-2.4.21/servers/slapd/schema_prep.c 2010-01-15
> 13:04:56.000000000 -0200
> @@ -915,6 +915,7 @@ static struct slap_schema_ad_map {
>   offsetof(struct slap_internal_schema, si_ad_name) },
>   { "cn", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) "
>   "DESC 'RFC4519: common name(s) for which the entity is known by' "
> + "ORDERING caseIgnoreOrderingMatch "
>   "SUP name )",
>   NULL, 0,
>   NULL, NULL,
> @@ -924,6 +925,7 @@ static struct slap_schema_ad_map {
>   "DESC 'RFC4519: user identifier' "
>   "EQUALITY caseIgnoreMatch "
>   "SUBSTR caseIgnoreSubstringsMatch "
> + "ORDERING caseIgnoreOrderingMatch "
>   "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
>   NULL, 0,
>   NULL, NULL,
>
> By making these changes I've been able to get around my current problem, but
> it might not be as stable as you expect.
>
>>
>> You can find these attributes defined in the code in servers/slapd.
>>
>> However, I will note, the definitions of these attributes are RFC defined.
>> They have no ORDERING rule on purpose.
>>
>> --Quanah
>
> Thanks for the input Quanah, but the problem is we have some legacy
> applications that used a really old LDAP server where this was allowed. I'm
> trying to migrate the server (that's a fedora directory from fedora 6) to a
> new openldap-based one. I must, however, maintain compatibility with the
> existing applications.
> Is there any problem (despite not being RFC-compliant) on enabling ordering
> on these attributes?
>
> --
> Diego Lima
>

So I have implemented this patch.

Now my client greats me with: Unavailable critical extension
I see this in the log


@400000004b5a1ea4146c62cc => get_ctrls: oid="1.2.840.113556.1.4.473"
(noncritical)
@400000004b5a1eb912121b34 => get_ctrls: oid="1.2.840.113556.1.4.473" (critical)

I find this as advice:

http://www.openldap.org/lists/openldap-software/200408/msg00321.html

access to dn.exact="" attrs=supportedControl val=1.2.840.113556.1.4.319
   by * none


Yet this does not work:

@400000004b5a2339219ce584 /usr/local/openldap/etc/openldap/slapd.conf:
line 44: attr "supportedControl" does not have an EQUALITY matching
rule.

This address book thing is totally whipping my rear.

I am configured like so:

 addConfOpt  "--prefix=/usr/local/openldap"  #base of the installation
  addConfOpt  "--enable-debug=yes"
  addConfOpt  "--enable-ip6=no"
  addConfOpt  "--enable-crypt=yes"
  addConfOpt  "--enable-wrapper=yes"
  addConfOpt  "--enable-module=yes"
  addConfOpt  "--enable-bdb=yes"
  addConfOpt  "--enable-shell=yes"
  addConfOpt  "--enable-null=yes"
  addConfOpt  "--enable-overlays=yes"
  addConfOpt  "--enable-shared=yes"
  addConfOpt  "--with-threads=yes"
  addConfOpt  "--with-tls"
  addConfOpt  "--enable-sssvlv" # need this for server side sorting
outlook address book

Unless someone else can tell me they have this working I will give up.

Thanks,
Ed

References:
- Server-Side Sort Overlay ordering problems
  - From: Diego Lima <lists@diegolima.org>
- Re: Server-Side Sort Overlay ordering problems
  - From: Edward Capriolo <edlinuxguru@gmail.com>
- Re: Server-Side Sort Overlay ordering problems
  - From: Diego Lima <lists@diegolima.org>

Prev by Date: openldap mirror mode
Next by Date: Re: OpenLDAP does not seem to start
Index(es):
- Chronological
- Thread