On 7/7/20 2:38 PM, Côme Chilliet wrote:
I have ppolicy overlay correctly set up, but the ppolicy control 1.3.6.1.4.1.42.2.27.8.5.1 is not returned in supportedControl by openldap when querying the root DSE.
My OpenLDAP server returns it.
Do you actually see any value of attribute 'supportedControl'?
If not, did you explicitly request the attribute 'supportedControl' when reading rootDSE or used '+' in the attribute list?
It is causing problems for PHP automated extension tests, the php-ldap module skips tests depending on whether associated controls are listed by the server or not, but ppolicy is never returned so the ppolicy test cannot run.
Hmm, this approach can fail because not every control or extension listed in the rootDSE is really handled.
In case of slapo-ppolicy the overlay is available in mainstream Linux distros anyway. On which platforms are you testing FusionDirectory?
Another approach is to try configuring an overlay via cn=config and skip the test if setting up the overlay failed. Of course your code for tweaking cn=config has to be 100% correct then.
Ciao, Michael.