On Fri, May 04, 2018 at 09:21:59PM +0000, quanah(a)openldap.org wrote: > As noted in the OpenLDAP source > (http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/...) > there is an issue with controls being reset with a new extended operation. This > is problematic for a proxy auth mechanism being developed, as it needs to have > the controls preserved while passing an extended op to slapd. > > A possibility would be to re-register the control, adding the corresponding > extended operations, but the parsing function resets them so this unfortunately > is not an option. The issue is actually allowing existing controls to be used with newly registered exops, since the only way to declare the compatibility would be by re-registering the control. Problem there is that built-in controls have everything static to controls.c, so it's not even possible to do that. A solution would be to add another piece of API that receives a pair of (control OID, exop OID), finds the control and adds the OID to the sc_extendedops(bv) lists. Going to do just that (register_control_exop() a decent name?).