mhardin@symas.com wrote:
Some additional information:
Some objects being returned from AD have very large multi-valued attributes (for example, member). AD is returning them in the ";range" format, but they are not getting past back-meta. For example, a direct search for the object in AD will return stuff like this:
member;range=0-1499: CN=Alice Bar,OU=My-Company-Accounts,OU=User Accounts,OU=Common,DC=my-company,DC=com
but doing the same search through slapd/back-meta using the same credentials, the member attribute is not displayed at all. There are no attribute maps in place that would cause this.
If this is the cause, then back-meta should try to register the attribute name as a "proxied" attribute type, and slapd should be unable to correctly decode it because it contains a "=". Back-meta in the end should just ignore the whole attribute.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------