-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'd like to reopen the discussion on this issue. We're hitting this same problem with the SSSD when dealing with ActiveDirectory. It really doesn't make sense to me that every consumer of the OpenLDAP libraries should be required to reimplement this (admittedly incorrect) extension to ActiveDirectory.
As Petter suggested in his comment from April 21, 2008, ActiveDirectory provides a server control to identify that the feature is in play.
I feel that it would be beneficial to OpenLDAP's library consumers if they handled range lookups automatically and internally, similar to the way that referrals are chased.
Consumers of the OpenLDAP API should be able to reliably assume that if they ask for the set of values for an attribute of a completed request, that they will get back all of the values.
Please reconsider adding this support into OpenLDAP.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/