On 18/10/15 19:18, Radovan Semancik wrote:
> Hi,
>
> There is one more thing. I have just realized that API has Active
> Directory DirSync control, but we do not have "Deleted" control
> (1.2.840.113556.1.4.417). The AD sync is not very useful without this
> control.

There are many controls (and extended operations) that AD supports and we don't:

Controls:
----------
LDAP_PAGED_RESULT_OID_STRING             1.2.840.113556.1.4.319      Supported
LDAP_SERVER_SHOW_DELETED_OID             1.2.840.113556.1.4.417      Not supported
LDAP_SERVER_SORT_OID                     1.2.840.113556.1.4.473      Supported
LDAP_SERVER_RESP_SORT_OID                1.2.840.113556.1.4.474      Supported
LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID     1.2.840.113556.1.4.521      Not supported
LDAP_SERVER_NOTIFICATION_OID             1.2.840.113556.1.4.528      Not supported
LDAP_SERVER_EXTENDED_DN_OID              1.2.840.113556.1.4.529      Not supported
LDAP_SERVER_LAZY_COMMIT_OID              1.2.840.113556.1.4.619      Not supported
LDAP_SERVER_SD_FLAGS_OID                 1.2.840.113556.1.4.801      Not supported
LDAP_SERVER_RANGE_OPTION_OID             1.2.840.113556.1.4.802      Not supported
LDAP_SERVER_TREE_DELETE_OID              1.2.840.113556.1.4.805      Supported
LDAP_SERVER_DIRSYNC_OID                  1.2.840.113556.1.4.841      Supported
LDAP_SERVER_GET_STATS_OID                1.2.840.113556.1.4.970      Not supported
LDAP_SERVER_VERIFY_NAME_OID              1.2.840.113556.1.4.1338     Not supported
LDAP_SERVER_DOMAIN_SCOPE_OID             1.2.840.113556.1.4.1339     Not supported
LDAP_SERVER_SEARCH_OPTIONS_OID           1.2.840.113556.1.4.1340     Not supported
LDAP_SERVER_RODC_DCPROMO_OID             1.2.840.113556.1.4.1341     Not supported
LDAP_SERVER_PERMISSIVE_MODIFY_OID        1.2.840.113556.1.4.1413     Not supported
LDAP_SERVER_ASQ_OID                      1.2.840.113556.1.4.1504     Not supported
LDAP_SERVER_QUOTA_CONTROL_OID            1.2.840.113556.1.4.1852     Not supported
LDAP_SERVER_SHUTDOWN_NOTIFY_OID          1.2.840.113556.1.4.1907     Not supported
LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID    1.2.840.113556.1.4.1948     Not supported
LDAP_SERVER_FORCE_UPDATE_OID             1.2.840.113556.1.4.1974     Not supported
LDAP_SERVER_DN_INPUT_OID                 1.2.840.113556.1.4.2026     Not supported
LDAP_SERVER_SHOW_RECYCLED_OID            1.2.840.113556.1.4.2064     Not supported
LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID    1.2.840.113556.1.4.2065     Not supported
LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID  1.2.840.113556.1.4.2066     Not supported
LDAP_SERVER_DIRSYNC_EX_OID               1.2.840.113556.1.4.2090     Not supported
LDAP_SERVER_TREE_DELETE_EX_OID           1.2.840.113556.1.4.2204     Not supported
LDAP_SERVER_UPDATE_STATS_OID             1.2.840.113556.1.4.2205     Not supported
LDAP_SERVER_SEARCH_HINTS_OID             1.2.840.113556.1.4.2206     Not supported
LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID     1.2.840.113556.1.4.2211     Not supported
LDAP_SERVER_POLICY_HINTS_OID             1.2.840.113556.1.4.2239     Not supported
LDAP_SERVER_SET_OWNER_OID                1.2.840.113556.1.4.2255     Not supported
LDAP_SERVER_BYPASS_QUOTA_OID             1.2.840.113556.1.4.2256     Not supported
LDAP_SERVER_LINK_TTL_OID                 1.2.840.113556.1.4.2309     Not supported
LDAP_CONTROL_VLVREQUEST                  2.16.840.1.113730.3.4.9     Supported
LDAP_CONTROL_VLVRESPONSE                 2.16.840.1.113730.3.4.10    Supported

Extended operations:
---------------------
LDAP_SERVER_FAST_BIND_OID                1.2.840.113556.1.4.1781     Not supported
LDAP_SERVER_BATCH_REQUEST_OID            1.2.840.113556.1.4.2212     Not supported
LDAP_TTL_REFRESH_OID                     1.3.6.1.4.1.1466.101.119.1  Not supported
LDAP_SERVER_START_TLS_OID                1.3.6.1.4.1.1466.20037      Supported
LDAP_SERVER_WHO_AM_I_OID                 1.3.6.1.4.1.4203.1.11.3     Supported

As you can see, we do support 7 out of 38 controls, and 2 out of 5 extended operations M$ AD supports.

> The implementation should be very easy and I can do that during
> Monday. Do you think it is OK to do that now (before 1.0.0-M32
> release)? Or should I wait after the release?

I think we can wait for another release, that may come quite quickly (I have myself some additional fixes for the LdifAnonymizer). The rationale is that this release is quite critical due to the changes made in the way we handle the schema, and I'd like to have it out as is.

Regarding the missing controls/extOps, here is what I would suggest: we could spend some time implementing a batch of the missing AD elements, and cut a release as soon as it's done. For controls, it's not necessarily complex, it's just a bit time consuming (especially the tests). The only part I'm not sure of is which ones should we include and which ones should we ignore. I suspect we should go to the full extent and make the API as complete as possible...

Thoughts?
