Mark Coetser wrote:
the problem can be that Outlook use SSSVLV controls on attributes without ordering rules in OpenLDAP. Unfortunately, the 'name' attribute has no ordering rules, so you can't sort results on name (this includes, cn, sn, gn attributes, because they inherit from name). We do not have this limitation on AD (but it breaks LDAP standard).
I don't care about LDAP standard in this particular installation. I need an OpenLDAP server at this site only as a shared address book, it will perform no other function and will never interoperate with anything else.
You can't use server side sort control on cn or sn in OpenLDAP, this will always return an error because there is no ordering rule for these attributes.
So if OpenLDAP can be tweaked to provide server side sort control on cn or sn, I would go for it. Can it be done by modifying the 'name' attribute in the core.schema? Or by a patch?
You can try to patch schema_prep.c in OpenLDAP source, find the 'name' attribute definition and add caseIgnoreOrderingMatch ordering rule to it.
You then need to rebuild OpenLDAP from sources.
Hurrah! It seems to be working. At least I can now browse the small test addressbook I have created for test purposes. Many thanks to you and to all the community for this advice.
Should I expect any problems with slapd because of this patch? Like unexpected coredumps, corrupted database etc?
Please can you post your patch file as well.
It's outrageously simple. I was surprised I could not redefine the properties of the 'name' attribute in the runtime config and had to recompile slapd.
--- ./openldap-2.4.33/servers/slapd/schema_prep.c.orig 2012-12-07 09:54:56.000000000 +0700 +++ ./openldap-2.4.33/servers/slapd/schema_prep.c 2012-12-07 09:58:10.000000000 +0700 @@ -908,6 +908,7 @@ "DESC 'RFC4519: common supertype of name attributes' " "EQUALITY caseIgnoreMatch " "SUBSTR caseIgnoreSubstringsMatch " + "ORDERING caseIgnoreOrderingMatch " "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", NULL, SLAP_AT_ABSTRACT, NULL, NULL,