Stefan Seelmann wrote:
Chris Mattmann schrieb:
Hi Emmanuel,

Seems that PLA is doing a query with attr=''. On ApacheDS this returns
everything: dn and all attributes. I guess on more than 2 to 3 other LDAP
servers, this only returns the dn.

To request only the DN you should request attribute "1.1", see RFC4511,
section 4.5.1.8 [1].

See above link for more details. Any ideas here -- is this an ApacheDS
specific thing, or is there an RFC on this? Also, I would be happy to work
with you guys to contribute a patch should the need arise, just let me know
and thanks for all your help!

I tested with the ldapsearch command line:

ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -W -b "ou=users,ou=system" -s base -a always "(objectClass=*)" ""

Please note the empty "" at the end of the command. ApacheDS returns all
user attributes, OpenLDAP returns no attributes.
I guess it depends on how the LDAP search request is built internally. If the list of attributes is empty (but exists in the PDU), then RFC 4511 specifies:

" 1. An empty list with no attributes requests the return of all user attributes."

This is what we return. I will check the content of the PDU though.

A second test:

ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -W -b "ou=users,ou=system" -s base -a always "(objectClass=*)" " "

Please note the " " with the space at the end of the command. In that
case ApacheDS returns a protocol error, I'll create a Jira for that:

# extended result response
extended: 1.3.6.1.4.1.1466.20036
data:
result: 2 Protocol error
text: PROTOCOL_ERROR: The server will disconnect!

We should receive a NoSuchAttribute result, I guess...

Thanks Stefan !

--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
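
Added example, not part of the original e-mail thread and not ApacheDS code: a sketch of how the attribute selection list discussed above looks on the wire and how the RFC 4511 section 4.5.1.8 special cases apply to it, so that an empty list can be told apart from a list holding one empty or blank string. The function names, the simplified attribute-description pattern and the sample byte strings are constructed for illustration, and only short-form BER lengths are handled.

```python
import re

SEQUENCE, OCTET_STRING = 0x30, 0x04
# Simplified attributedescription check: descr or numeric OID, optional ;options.
ATTR_DESC = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*")

def encode_selection(attrs):
    """BER-encode AttributeSelection ::= SEQUENCE OF LDAPString (short-form lengths)."""
    body = b""
    for a in attrs:
        raw = a.encode("utf-8")
        body += bytes([OCTET_STRING, len(raw)]) + raw
    if len(body) > 127:
        raise ValueError("example handles short-form lengths only")
    return bytes([SEQUENCE, len(body)]) + body

def decode_selection(pdu):
    """Decode the attribute list, rejecting malformed or truncated encodings."""
    if len(pdu) < 2 or pdu[0] != SEQUENCE or pdu[1] != len(pdu) - 2:
        raise ValueError("not a short-form SEQUENCE")
    attrs, i = [], 2
    while i < len(pdu):
        if i + 2 > len(pdu) or pdu[i] != OCTET_STRING or pdu[i + 1] > 127:
            raise ValueError("bad element header")
        end = i + 2 + pdu[i + 1]
        if end > len(pdu):
            raise ValueError("truncated element")
        attrs.append(pdu[i + 2:end].decode("utf-8"))
        i = end
    return attrs

def classify(attrs):
    """Apply the special cases of RFC 4511 section 4.5.1.8 to a decoded list."""
    if not attrs:
        return "all user attributes"              # case 1: empty list
    if any(a != "*" and not ATTR_DESC.fullmatch(a) for a in attrs):
        return "invalid selector"                 # e.g. "" or " "
    if "*" in attrs:
        return "all user attributes plus listed"  # case 2
    if all(a == "1.1" for a in attrs):
        return "no attributes"                    # case 3: only "1.1"
    return "listed attributes only"               # "1.1" beside others is ignored

if __name__ == "__main__":
    for sample in ([], [""], [" "], ["1.1"], ["1.1", "cn"], ["*", "createTimestamp"]):
        pdu = encode_selection(sample)
        print(pdu.hex(), sample, "->", classify(decode_selection(pdu)))
```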

