I still haven't looked at the source for the scriptableJNDIServices.attribute() method but I have looked at several packet captures and the observed behavior doesn't appear "right". It appears as though this method never actually constructs an attribute list. It appears to submit a search request for the base object and no attributes (effectively returning all attributes) and then picks the attribute needed out of the result set. If this method constructed an actual attribute list based on the attribute name that was passed in it could be used for operational attributes and ranging. It would also become a lot more efficient by eliminating a lot of unneeded data from the process. Is this intended behavior or a bug/oversight?
-Jon C. Kidder American Electric Power Middleware Services Email: [email protected]<mailto:[email protected]> Phone: 614-716-4970 From: [email protected] [mailto:[email protected]] On Behalf Of Jon C Kidder Sent: Wednesday, August 14, 2013 9:14 AM To: Sébastien Bahloul Cc: [email protected] Subject: Re: [lsc-users] Microsoft ranging This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. ________________________________ Thanks for the feedback Sebastien. I do not have a lot of time to allocate to the effort but I will take a look at what was started for issue 254 and would be interested in continuing the work. I thought I found a way to do this in JavaScript by manipulating the attribute name and submitting the supplemental searches using srcLDAP.attribute but I'm not getting the behavior I intuitively expected from that method. I haven't looked at the source in detail but was curious if that method does any manipulation of the attribute name it gets passed? -Jon C. Kidder American Electric Power Middleware Services Email: [email protected]<mailto:[email protected]> Phone: 614-716-4970 From: Sébastien Bahloul [mailto:[email protected]] Sent: Wednesday, August 14, 2013 3:20 AM To: Jon C Kidder Cc: [email protected]<mailto:[email protected]> Subject: Re: [lsc-users] Microsoft ranging This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. ________________________________ Hi John, You are 100% right, the code has been started but neither finished nor integrated (http://tools.lsc-project.org/issues/254). If you are interested in implementing this feature, we will be glad to integrate it Best regards, Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2013/8/13 Jon C Kidder <[email protected]<mailto:[email protected]>> Has anyone successfully replicated using LSC and Microsoft's implementation of ranging? I saw the link to the KB about increasing the maxValRange registry setting. I have no control over our domain controllers. Our domain admins are heavily dependent upon Microsoft for support. Our Microsoft contacts are insisting that we change the code instead of the registry. I saw an old bug tracker case where someone appears to have started handling this in LSC code but I don't see where that work was ever finished. I'm curious if anyone has done this before? I don't want to re-invent the wheel if I don't have to. -Jon C. Kidder American Electric Power Middleware Services Email: [email protected]<mailto:[email protected]> Phone: 614-716-4970<tel:614-716-4970> _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected]<mailto:[email protected]> http://lists.lsc-project.org/listinfo/lsc-users
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
