[Date Prev][Date Next] [Chronological] [Thread] [Top]

Outlook LDAP Addressbook Browsing - Add ORDERING caseIgnoreOrderingMatch on CN or NAME core attributes without source code modification and re-compilition




Hi,

We currently used openldap as provided out of the box (binary) by Ubuntu 12.04 LTS.

We need to enable Outlook LDAP Addressook browsing when used with our OpenLDAP current setup.

According to past posts on the OpenLDAP technical mailing list, there seems to be two requirements:
- Add ORDERING caseIgnoreOrderingMatch in the definition of core schema attribute CN (or Name)
- Enable LDAP Virtual List View (VLV - OID: 2.16.840.1.113730.3.4.9) control and Server Side Control (SSS - OID: 1.2.840.113556.1.4.473) control on the OpenLDAP server

### Modify (or extend, or replace) definition of core schema attribute

As per those posts below, it is possible to mofidy core schema attribute(s) by updating source code and recompiling openldap.
http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201001/msg00077.html
http://www.openldap.org/cgi-bin/wilma_hiliter/openldap-technical/201212/msg00055.html?line=74#hilite

Unfortunately this is not an option for us.

Is there other way(s) via a local schema or else to modify/extend definition of OpenLDAP core attributes without modifying source code and recompiling?

Via ldpamodify or via the creation of a module/overlay maybe that could be loaded via openldap configuration file slapd.conf at startup?

The slapd.conf method would be our preference at the moment.

As last resort, if not technically possible via slapd.conf, would using the OpenLDAP On-Line Configuration (OLC - cn=config - slapd.config) method instead allow such extend/modification of core schema attributes?
If yes how?

We are aware that may render our ldapserver no longer fully RFC compliant, but we need to be pragmatic here to provide an effective solution to end-users.
We already use our own local LDAP schema definition anyway :-)

Thank in advance for your any help/enlightenment you could provide.

### VLV and SSS Control(s) have been enabled as follow

# Added the following in /etc/ldap/sldap.conf
(...)
moduleload sssvlv
overlay sssvlv
sssvlv-max 8
sssvlv-maxkeys 5
#sssvlv-maxperconn 5 <-- this option is not currently availabe in current database backend version
(...)

# Restart ldap server
/etc/init.d/slapd restart

# Check
ldapsearch -x -b '' -s base '(ObjectClass=*)' + -D "uid=richard,ou=people,dc=example,dc=com" -W
(...)
supportedControl: 2.16.840.1.113730.3.4.9 <-- LDAP Virtual List View (VLV)
supportedControl: 1.2.840.113556.1.4.473 <-- Server Side Control (SSS)
(...)

Regards,
Richard Leger