Re: Add supportedExtensions to LDAP proxy

[Howard Chu <hyc@symas.com>]

Philip Brusten wrote:
> Hi
> 
> We have set up an LDAP proxy (slapd-ldap) in front of a NetIQ eDirectory.
> 
> The LDAP-client  which connects to the proxy uses an extended operation, but the request fails because the proxy is not aware of this extension:
> 
> do_extended: unsupported operation "2.16.840.1.113719.1.39.42.100....
> RESULT tag=120 err=2 text=unsupported extended operation
> 
> # ldapsearch -H ldaps://proxy:port -b '' -s base -D <snip> -W -LLL supportedExtension
> Enter LDAP Password:
> dn:
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedExtension: 1.3.6.1.1.8
> 
> Whereas the NetIQ eDirectory back-end supports lots of custom NetIQ extensions:
> 
> # ldapsearch -H ldaps://backend:port -b '' -s base -D <snip> -W -LLL supportedExtension
> Enter LDAP Password:
> dn:
> supportedExtension: 2.16.840.1.113719.1.39.42.100.1

> Is there a way to allow these extensions on the proxy?

Write yourself a dynamic module to register those extension OIDs in back-ldap.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/