Philip Brusten wrote:
Hi
We have set up an LDAP proxy (slapd-ldap) in front of a NetIQ eDirectory.
The LDAP-client which connects to the proxy uses an extended operation, but the request fails because the proxy is not aware of this extension:
do_extended: unsupported operation "2.16.840.1.113719.1.39.42.100.... RESULT tag=120 err=2 text=unsupported extended operation
# ldapsearch -H ldaps://proxy:port -b '' -s base -D <snip> -W -LLL supportedExtension Enter LDAP Password: dn: supportedExtension: 1.3.6.1.4.1.1466.20037 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedExtension: 1.3.6.1.1.8
Whereas the NetIQ eDirectory back-end supports lots of custom NetIQ extensions:
# ldapsearch -H ldaps://backend:port -b '' -s base -D <snip> -W -LLL supportedExtension Enter LDAP Password: dn: supportedExtension: 2.16.840.1.113719.1.39.42.100.1
Is there a way to allow these extensions on the proxy?
Write yourself a dynamic module to register those extension OIDs in back-ldap.