Just a quick reply for future reference if others ask about the same and find this request.
[Kurt Zeilenga]
> No. Attribute description options cannot contain equal signs. See RFC 4512.
Thank you for your reply. It was very valuable to me, as I am not that well versed in the LDAP specification. It is now obvious to me that the extension used by Active Directory LDAP is outside the RFC-documented LDAP specification.
I've been told that the AD range feature is documented in an expired draft RFC, available from <URL: http://www.tkk.fi/cc/docs/kerberos/draft-kashi-incremental-00.txt >. I'm not sure what was discussed about this draft, but it expired a long time ago. Anyway, the draft can be used to understand how the feature works. It claims that it is possible to see in supportedControls if this range feature is used by the server. This could be used to enable this feature at runtime, if one wanted to implement the non-conforming feature. I suspect I have to go in that direction, as the project requirements are to use LDAP from AD. :/
> If you want to implement this crap, you can do so without additional support from LDAP API. Use ldap_first/next_attribute API.
Good idea. I have since found out that this ranged multivalue feature is implemented in nss-ldap, and hope it is possible to reuse some code there in nss-ldapd.
Happy hacking,
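
An added example, not part of the original message and not code from nss-ldap or nss-ldapd: a parser for the attribute names that ldap_first_attribute/ldap_next_attribute would hand back when the server uses the range feature. It assumes the `type;range=LOW-HIGH` syntax with `*` marking the final chunk; the struct and function names are hypothetical.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ad_range {
    char base[64]; /* attribute type without options, e.g. "member" */
    long low;      /* index of the first value in this chunk */
    long high;     /* index of the last value, or -1 for '*' (final chunk) */
};

static int has_prefix_ci(const char *s, const char *pre) { /* pre is lower case */
    for (; *pre; s++, pre++)
        if (tolower((unsigned char)*s) != *pre) return 0;
    return 1;
}

/* Returns 1 if desc carries a valid range option, 0 if it has none,
 * -1 if the option is malformed (the server reply is untrusted input). */
int parse_ad_range(const char *desc, struct ad_range *out) {
    const char *semi = strchr(desc, ';'), *p;
    size_t blen = semi ? (size_t)(semi - desc) : strlen(desc);
    char *end;
    if (blen == 0 || blen >= sizeof(out->base)) return -1;
    memcpy(out->base, desc, blen);
    out->base[blen] = '\0';
    out->low = 0; out->high = -1;
    for (const char *opt = semi; opt; opt = strchr(opt, ';')) {
        if (!has_prefix_ci(++opt, "range=")) continue; /* some other option */
        p = opt + 6;
        if (!isdigit((unsigned char)*p)) return -1;
        out->low = strtol(p, &end, 10);
        if (*end != '-') return -1;
        p = end + 1;
        if (p[0] == '*' && (p[1] == '\0' || p[1] == ';')) return 1;
        if (!isdigit((unsigned char)*p)) return -1;
        out->high = strtol(p, &end, 10);
        if (*end != '\0' && *end != ';') return -1;
        return (out->high < out->low || out->high == LONG_MAX) ? -1 : 1;
    }
    return 0;
}

/* Writes the next attribute to request; returns 0 when the chunk was final. */
int next_range_request(const struct ad_range *r, char *buf, size_t len) {
    if (r->high < 0) return 0;
    int n = snprintf(buf, len, "%s;range=%ld-*", r->base, r->high + 1);
    return n > 0 && (size_t)n < len;
}
```

A caller would keep searching with the string from next_range_request until parse_ad_range reports a chunk whose high is -1, and should stop on any -1 return rather than loop on a malformed reply.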