On 14/09/2010 11:33, [email protected] wrote: > Full_Name: Clement OUDOT > Version: 2.4.23 > OS: GNU/Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (83.145.72.122) > > > Hi, > > I am using OpenLDAP 2.4.23 compiled with --enable-overlays (RPMs from > http://www.ltb-project.org). Overlays are not compiled as modules. > > Overlay sssvlv is compiled, but not activated in configuration > > But: > * SSS and VLV controls are displayed in RootDSE > * SSS control is taken into account if present in an LDAP search operation > > For example, a search with SSS control on cn (which has no ordering rule) > gives: > result: 18 Inappropriate matching > text: serverSort control: No ordering rule > > > The error would be normal if overlay has been activated, but I think control > should be ignored if overlay is not active.
I hit this exact same issue just last week - it seems that when the overlay is compiled in, the SSS control is displayed in the rootDSE. In my case, this caused a client to attempt to use the control, then fail with a similar message as above. Without the overlay compiled in, the client just doesn't use the control, and the client's operation suceeded. My point is that I agree this probably shouldn't be activated by default, or at the very least a clear warning added in the documentation. Jonathan -- ========================================== Jonathan CLARKE ------------------------------------------ Normation 44 rue Cauchy, 94110 Arcueil, France ------------------------------------------ Telephone: +33 (0)1 83 62 26 96 ------------------------------------------ Web: http://www.normation.com/ ==========================================
