thanks for that perl snippet
it would be great to make it work with ldapsearch though, I'll make another post to see if someone has ever used it with ldapsearch
Le 12/02/2013 00:33, Bill MacAllister a écrit :
--On Monday, February 11, 2013 10:53:05 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks for that info
how do you use that control ? I tried the following :
ldapsearch -x -W -D "cn=admin,dc=company,dc=com" -b "ou=people,dc=company,dc=com" -s subtree -e 1.3.6.1.4.1.4203.666.5.14
I get : # search result search: 2 result: 2 Protocol error text: valSort control value is absent
Good luck with that. I never did figure out how to get this back from ldapsearch. I worked on the for a couple hours about a year ago, and I didn't save any of my tests. I am not a C hacker, but as I remember between reading the code and testing I got closer by base64 encoding the ber encoded value for the control and using that on the command line. But, don't hold me to that, and I never did get it to work.
It is fairly straight froward to do in perl. Here is a snipet of the important bits. You don't need the GSSAPI parts, but it was easier to leave them in.
use Net::LDAP; use Net::LDAP::Control; use Convert::ASN1; use MIME::Base64; use Authen::SASL;
# Set up the value to be used for the control my $asn = Convert::ASN1->new; $asn->prepare('SEQUENCE { b BOOLEAN }'); my $pdu = $asn->encode(b=>1); # or 1
# Create the control my $ValSortControl=Net::LDAP::Control->new( type => "1.3.6.1.4.1.4203.666.5.14", critical => 0, value => $pdu );
$ldap = Net::LDAP->new( "$opt_host" ) or die "$@"; $sasl = Authen::SASL->new(GSSAPI); $status = $ldap->bind("", sasl=>$sasl); $status = $ldap->search(base => $opt_base, scope => 'sub', filter => $filter, attrs => [@attrs], control => [ $ValSortControl ]);
Bill
Le 11/02/2013 22:05, Bill MacAllister a écrit :
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
Bill