Michael Ströder wrote:
hyc@symas.com wrote:
As an alternative, I suggest modifying slapd/ad.c to treat "=" the same as "-" in an option definition. Then simply adding attributeoption range= to slapd.conf will allow the values to be recognized. (With the constraint that '=' must be the final character in the option definition...)
Let the client decide if they want to go thru the trouble of retrieving all the values or not. Certainly, for slapd to do it implicitly will overburden the (pathetically broken) AD server (otherwise they wouldn't need to break the value up into ranges in the first place). Indeed, doing this implicitly would amount to a DOS attack on the AD server.
I strongly agree with Howard here. The work-around for "=" seems enough. If someone really writes an app which needs the range feature it should access AD directly.
Right.
This is now changed in HEAD. If an attributeoption is configured that ends with '=' then MSAD compatibility is enabled, otherwise '=' is rejected as usual.