As I understood, postread control should offer a way of doing an atomic increment-and-read operation, but how is it supposed to output the result?
This does not produce any particular output: ldapsearch -x -e!postread=uidNumber uid=foo uid
Emmanuel Dreyfus wrote:
As I understood, postread control should offer a way of doing an atomic increment-and-read operation, but how is it supposed to output the result?
This does not produce any particular output: ldapsearch -x -e!postread=uidNumber uid=foo uid
It is supposed to be used on modify operations, RFC4527:
The Post-Read request control is a LDAP Control [RFC4511] whose controlType is 1.3.6.1.1.13.2 and whose controlValue, an OCTET STRING, contains a BER-encoded AttributeSelection [RFC4511], as extended by [RFC3673]. The criticality may be TRUE or FALSE. This control is appropriate for the addRequest, modifyRequest, and modDNRequest LDAP messages.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote:
It is supposed to be used on modify operations, RFC4527:
s/modify/write/, excluding delete, of course.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati ando@sys-net.it wrote:
It is supposed to be used on modify operations, RFC4527:
Sure, but that's not better:
ldapmodify -e!postread=sambaPwdLastSet < EOT dn: uid=foo,dc=example,dc=net changetype: modify increment: sambaPwdLastSet sambaPwdLastSet: 1 EOT modifying entry "uid=foo,dc=example,dc=net"
Where is the value?
Emmanuel Dreyfus wrote:
Pierangelo Masarati ando@sys-net.it wrote:
It is supposed to be used on modify operations, RFC4527:
Sure, but that's not better:
ldapmodify -e!postread=sambaPwdLastSet < EOT dn: uid=foo,dc=example,dc=net changetype: modify increment: sambaPwdLastSet sambaPwdLastSet: 1 EOT modifying entry "uid=foo,dc=example,dc=net"
Where is the value?
Probably, the version of ldaptools you're using does not print response control values.
current 2.3:
ldapmodify -e!postread=description -x -H ldap://:9011 \ -D cn=manager,dc=example,dc=com -w secret dn: dc=example,dc=com changetype: modify add: description description: foobar
modifying entry "dc=example,dc=com" control: 1.3.6.1.1.13.2 false MEwEEWRjPWV4YW1wbGUsZGM9Y29tMDcwNQQLZGVzY3JpcHRp b24xJgQcVGhlIEV4YW1wbGUsIEluYy4gYXQgQW55dG93bgQGZm9vYmFy
current HEAD:
ldapmodify -e!postread=description -x -H ldap://:9011 \ -D cn=manager,dc=example,dc=com -w secret dn: dc=example,dc=com changetype: modify add: description description: foobar2
modifying entry "dc=example,dc=com" control: 1.3.6.1.1.13.2 false MFUEEWRjPWV4YW1wbGUsZGM9Y29tMEAwPgQLZGVzY3JpcHRp b24xLwQcVGhlIEV4YW1wbGUsIEluYy4gYXQgQW55dG93bgQGZm9vYmFyBAdmb29iYXIy # ==> postread dn: dc=example,dc=com description: The Example, Inc. at Anytown description: foobar description: foobar2 # <== postread
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati ando@sys-net.it wrote:
Probably, the version of ldaptools you're using does not print response control values.
2.3.32. I see you at least have the base64 encoded value.
ldapmodify: @(#) $OpenLDAP: ldapmodify 2.3.32 (Jul 20 2007 15:28:20) $
root@botin:/usr/pkgsrc/databases/openldap-client/work/openldap-2.3.32/cl ients/tools (LDAP library: OpenLDAP 20332)
Emmanuel Dreyfus wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Probably, the version of ldaptools you're using does not print response control values.
2.3.32. I see you at least have the base64 encoded value.
Well, ldapmodify is behaving correctly anyway: clients are supposed to ignore unknown response controls, which must have FALSE criticality :)
Support for response controls was added in 2.3.38 in response to ITS#5061:
Added client tools support for ppolicy response (ITS#5061)
This feature was supposed to be tagged OpenLDAP 2.4, but the need to handle ppolicy response forced an earlier release. So ppolicy is now handled specially, while other controls are just printed as are, without beautification. But the control has always been present in the response.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Emmanuel Dreyfus wrote:
Pierangelo Masarati ando@sys-net.it wrote:
Probably, the version of ldaptools you're using does not print response control values.
2.3.32. I see you at least have the base64 encoded value.
ldapmodify: @(#) $OpenLDAP: ldapmodify 2.3.32 (Jul 20 2007 15:28:20) $
root@botin:/usr/pkgsrc/databases/openldap-client/work/openldap-2.3.32/cl ients/tools (LDAP library: OpenLDAP 20332)
Just as a side note, we'll be moving the "stable" tag from 2.3.32 to 2.3.38. Folks who only want to use the stable releases should update soon...
openldap-software@openldap.org
-
Howard Chu -
manu@netbsd.org -
Pierangelo Masarati