Hi,
I'm using OpenLDAP backend with .NET 2.0 System.DirectoryServices.Protocols API in my application. I'm trying to issue PagedResult control as part of my request to get results in multiple pages that code can navigate. This would use rfc2696 which is already supported in OpenLDAP. But when I run my code it comes back with exception that ''critical control unavailable in context'.
I've attached the capture from OpenLDAP server
##
T 10.218.5.27:33236 -> 10.217.94.154:389 [AP]
0........c....s.!dc=openldap,dc=dev,dc=net6,dc=com...................... .objectClass..person0.... ..distinguishedName..sn..manager...../0....)..1.2.840.1
13556.1.4.319.....0...........
#
T 10.217.94.154:389 -> 10.218.5.27:33236 [AP]
03...e...5...'critical control unavailable in context
#
But OpenLDAP does support the control 1.2.840.113556.1.4.319 as listed in my query response against rootDSE below
DB2-95-02:~ # ldapsearch -x -h 10.217.94.154 -b "" -s base '(objectclass=*)' +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#
#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=openldap,dc=dev,dc=net6,dc=com
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
entryDN:
subschemaSubentry: cn=Subschema
Any idea why the server responds with ''critical control unavailable in context' message? I'm using OpenLDAP v 2.3.19
[root@labvmware ~]# slapd -V
@(#) $OpenLDAP: slapd 2.3.19 (Feb 13 2006 11:19:24) $
root@ls20-bc1-14.build.redhat.com:/usr/src/build/708086-i386/BUILD/openl dap-2.3.19/openldap-2.3.19/build-servers/servers/slapd
Thanks,
Navaneetha
Hi,
Navaneetha Subramanian a écrit :
Hi,
I’m using OpenLDAP backend with .NET 2.0 System.DirectoryServices.Protocols API in my application. I’m trying to issue PagedResult control as part of my request to get results in multiple pages that code can navigate. This would use rfc2696 which is already supported in OpenLDAP. But when I run my code it comes back with exception that ‘'critical control unavailable in context’.
I’ve attached the capture from OpenLDAP server
##
T 10.218.5.27:33236 -> 10.217.94.154:389 [AP]
0........c....s.!dc=openldap,dc=dev,dc=net6,dc=com.......................objectClass..person0.... ..distinguishedName..sn..manager...../0....)..1.2.840.1
13556.1.4.319.....0...........
#
T 10.217.94.154:389 -> 10.218.5.27:33236 [AP]
03...e...5...'critical control unavailable in context
#
But OpenLDAP does support the control 1.2.840.113556.1.4.319 as listed in my query response against rootDSE below
DB2-95-02:~ # ldapsearch -x -h 10.217.94.154 -b "" -s base '(objectclass=*)' +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#
#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=openldap,dc=dev,dc=net6,dc=com
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
*supportedControl: 1.2.840.113556.1.4.319*
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
entryDN:
subschemaSubentry: cn=Subschema
Any idea why the server responds with ‘'critical control unavailable in context’ message? I’m using OpenLDAP v 2.3.19
Not all of OpenLDAP's backends support all controls. Which backend are you using? It's probably easiest just to send your config file (slapd.conf, but remember to remove sensitive data like passwords!).
As a side note, 2.3.19 is now a very old version! You really should upgrade, at least to 2.3.43.
Jonathan
On Thursday 23 October 2008 02:13:53 Navaneetha Subramanian wrote:
I'm using OpenLDAP backend with .NET 2.0 System.DirectoryServices.Protocols API in my application. I'm trying to issue PagedResult control as part of my request to get results in multiple pages that code can navigate. This would use rfc2696 which is already supported in OpenLDAP. But when I run my code it comes back with exception that ''critical control unavailable in context'.
What database are you using? IOW, what do you have for the database line in slapd.conf ?
Hi,
"Navaneetha Subramanian" Navaneetha.Subramanian@citrix.com writes:
Hi,
I’m using OpenLDAP backend with .NET 2.0 System.DirectoryServices.Protocols API in my application. I’m trying to issue PagedResult control as part of my request to get results in multiple pages that code can navigate. This would use rfc2696 which is already supported in OpenLDAP. But when I run my code it comes back with exception that ‘'critical control unavailable in context’.
I’ve attached the capture from OpenLDAP server
try ldapsearch -Epr=10 -x -H ldap://<host> -b <searchbase> <filter> <attributes>
-E calls extended operations pr is paged result 10 the number of returned entries.
-Dieter
Dieter Kluenter wrote:
Hi,
"Navaneetha Subramanian" Navaneetha.Subramanian@citrix.com writes:
Hi,
I’m using OpenLDAP backend with .NET 2.0 System.DirectoryServices.Protocols API in my application. I’m trying to issue PagedResult control as part of my request to get results in multiple pages that code can navigate. This would use rfc2696 which is already supported in OpenLDAP. But when I run my code it comes back with exception that ‘'critical control unavailable in context’.
I’ve attached the capture from OpenLDAP server
try ldapsearch -Epr=10 -x -H ldap://<host> -b <searchbase> <filter>
<attributes>
-E calls extended operations pr is paged result 10 the number of returned entries.
Actually, you should use -E '!pr=10'; the '!' means "critical". This would reproduce the exact condition that triggered the error you noticed.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Thanks for all you input. Trying the ldapsearch with -E pr(paged result) command gives the same error
DB2-95-02:~ # ldapsearch -E '!pr=10' -x -h 10.217.94.154 -b "dc=openldap,dc=dev,dc=net6,dc=com" -s sub '(objectclass=person)' dn # extended LDIF # # LDAPv3 # base <dc=openldap,dc=dev,dc=net6,dc=com> with scope subtree # filter: (objectclass=person) # requesting: dn # with pagedResults critical control: size=10 #
# search result search: 2 result: 53 Server is unwilling to perform text: critical control unavailable in context
Following is listing from slapd.conf file
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the default. allow bind_v2
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules: # modulepath /usr/lib/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la
####################################################################### # ldbm and/or bdb database definitions #######################################################################
database ldbm suffix "dc=openldap,dc=dev,dc=net6,dc=com" rootdn "cn=Manager,dc=openldap,dc=dev,dc=net6,dc=com" rootpw {SSHA}password_here
directory /var/lib/ldap
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database defaultaccess write
Seems like we use ldbm database. Does it support paged result in the version we use (2.3.19)? If not, is it supported in a later version?
Thanks, Navaneetha
-----Original Message----- From: openldap-software-bounces+navaneetha.subramanian=citrix.com@OpenLDAP.org [mailto:openldap-software-bounces+navaneetha.subramanian=citrix.com@Open LDAP.org] On Behalf Of Pierangelo Masarati Sent: Thursday, October 23, 2008 7:57 AM To: Dieter Kluenter Cc: openldap-software@openldap.org Subject: Re: openLDAP paged response problem
Dieter Kluenter wrote:
Hi,
"Navaneetha Subramanian" Navaneetha.Subramanian@citrix.com writes:
Hi,
I'm using OpenLDAP backend with .NET 2.0
System.DirectoryServices.Protocols API in my
application. I'm trying to issue PagedResult control as part of my
request to get
results in multiple pages that code can navigate. This would use
rfc2696 which is
already supported in OpenLDAP. But when I run my code it comes back
with exception
that ''critical control unavailable in context'.
I've attached the capture from OpenLDAP server
try ldapsearch -Epr=10 -x -H ldap://<host> -b <searchbase> <filter>
<attributes>
-E calls extended operations pr is paged result 10 the number of returned entries.
Actually, you should use -E '!pr=10'; the '!' means "critical". This would reproduce the exact condition that triggered the error you noticed.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Navaneetha Subramanian wrote:
Thanks for all you input. Trying the ldapsearch with -E pr(paged result) command gives the same error
DB2-95-02:~ # ldapsearch -E '!pr=10' -x -h 10.217.94.154 -b "dc=openldap,dc=dev,dc=net6,dc=com" -s sub '(objectclass=person)' dn # extended LDIF # # LDAPv3 # base <dc=openldap,dc=dev,dc=net6,dc=com> with scope subtree # filter: (objectclass=person) # requesting: dn # with pagedResults critical control: size=10 #
# search result search: 2 result: 53 Server is unwilling to perform text: critical control unavailable in context
Following is listing from slapd.conf file
<...>
database ldbm
ldbm does not support paged results. Note that this is not the only, nor the main reason for avoiding the use of back-ldbm. You should use back-bdb or back-hdb, possibly with a recent version of OpenLDAP.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
Thanks for your prompt response.
We use ver 2.3.19 which is quite old. That is just a test server. Does any later release support paged result for ldbm? Or do we have to use either back-bdb or back-hdb to get paging support?
What are reasons to not use ldbm backend? Is there a place where I can read about this?
I am new to OpenLDAP and any help is appreciated.
Thanks, Navaneetha
-----Original Message----- From: Pierangelo Masarati [mailto:ando@sys-net.it] Sent: Thursday, October 23, 2008 9:53 AM To: Navaneetha Subramanian Cc: openldap-software@openldap.org Subject: Re: openLDAP paged response problem
Navaneetha Subramanian wrote:
Thanks for all you input. Trying the ldapsearch with -E pr(paged result) command gives the same error
DB2-95-02:~ # ldapsearch -E '!pr=10' -x -h 10.217.94.154 -b "dc=openldap,dc=dev,dc=net6,dc=com" -s sub '(objectclass=person)' dn # extended LDIF # # LDAPv3 # base <dc=openldap,dc=dev,dc=net6,dc=com> with scope subtree # filter: (objectclass=person) # requesting: dn # with pagedResults critical control: size=10 #
# search result search: 2 result: 53 Server is unwilling to perform text: critical control unavailable in context
Following is listing from slapd.conf file
<...>
database ldbm
ldbm does not support paged results. Note that this is not the only, nor the main reason for avoiding the use of back-ldbm. You should use back-bdb or back-hdb, possibly with a recent version of OpenLDAP.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
--On October 23, 2008 9:58:57 AM -0700 Navaneetha Subramanian Navaneetha.Subramanian@citrix.com wrote:
Thanks for your prompt response.
We use ver 2.3.19 which is quite old. That is just a test server. Does any later release support paged result for ldbm? Or do we have to use either back-bdb or back-hdb to get paging support?
What are reasons to not use ldbm backend? Is there a place where I can read about this?
I am new to OpenLDAP and any help is appreciated.
ldbm had numerous problems, particularly around database corruption. That is why it was replaced by back-bdb and back-hdb, and why it was removed entirely from the OpenLDAP 2.4.12 release.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On October 23, 2008 6:53:18 PM +0200 Pierangelo Masarati ando@sys-net.it wrote:
<...>
database ldbm
ldbm does not support paged results. Note that this is not the only, nor the main reason for avoiding the use of back-ldbm. You should use back-bdb or back-hdb, possibly with a recent version of OpenLDAP.
Given that bugs in the paged results control were fixed since 2.3.19, I'd highly recommend using a later release.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
-
Buchan Milne -
Dieter Kluenter -
Jonathan Clarke -
Navaneetha Subramanian -
Pierangelo Masarati -
Quanah Gibson-Mount