Jonathan Clarke wrote:
This means that the same search, on the same data, can return different results at different times, depending on whether or not a previous search had succeeded and returned given attribute (samAccountName).
Currently, we have worked around this problem by either:
- running a bogus ldapsearch just after starting slapd, that returns
this attribute
- adding the attribute description to a local schema
What is the general opinion on working around this issue? Might there be a way to implement something that ensures this happens automatically? I'm thinking of delegating filter checking to proxied servers for ldap backends, or automatically fetching schemas from them... Any experience, ideas?
A properly configured server will have all of the schema definitions for every data item it serves. I would expect that you could use your colleague's schema downloader to automate this setup.
http://www.openldap.org/its/index.cgi/Contrib?id=3429