2012/12/6 Victor Sudakov vas@mpeks.tomsk.su:
Cl?ment OUDOT wrote:
When I try to browse an addresslist from Outlook, the OpenLDAP server gives the following error:
Lightweight Directory Access Protocol LDAPMessage searchResDone(11) inappropriateMatching (serverSort control: No ordering rule) [0 results] messageID: 11 protocolOp: searchResDone (5) searchResDone resultCode: inappropriateMatching (18) matchedDN: errorMessage: serverSort control: No ordering rule [Response To: 6] [Time: 0.002066000 seconds]
What is this error? Could someone please interpret it? I almost believe that if I can get rid of it, I will have a browseable addresslist in Outlook.
As I already replied :
the problem can be that Outlook use SSSVLV controls on attributes without ordering rules in OpenLDAP. Unfortunately, the 'name' attribute has no ordering rules, so you can't sort results on name (this includes, cn, sn, gn attributes, because they inherit from name). We do not have this limitation on AD (but it breaks LDAP standard).
I don't care about LDAP standard in this particular installation. I need an OpenLDAP server at this site only as a shared address book, it will perform no other function and will never interoperate with anything else.
You can't use server side sort control on cn or sn in OpenLDAP, this will always return an error because there is no ordering rule for these attributes.
So if OpenLDAP can be tweaked to provide server side sort control on cn or sn, I would go for it. Can it be done by modifying the 'name' attribute in the core.schema? Or by a patch?
You can try to patch schema_prep.c in OpenLDAP source, find the 'name' attribute definition and add caseIgnoreOrderingMatch ordering rule to it.
You then need to rebuild OpenLDAP from sources.
Clément.