Hello Ralf,
nice to know that someone from Novell is reading here, too.
Currently I have opened up a Service Request regarding this topic at Novells Suport Center and pointed that out as a Feature Request but also as problem I and other people have and are lookinf for a workaround.
Too bad I am really low experienced in building complex ACLs to filter stuff like this, maybe someone else is able to help us (James and me) to workaround that problem.
I'll give it a shot and let you know if it's working or not. :)
Bye, Benjamin.
On Tue, Nov 2, 2010 at 16:05, Ralf Haferkamp rhafer@suse.de wrote:
Am Donnerstag 28 Oktober 2010, 19:57:17 schrieb Benjamin Griese:
Hello James,
thanks for replying giving us your opinion. Sometimes I thought I was the only person who has the problem you're talking of. I am in the same dilemma as you are, using SLES11 /w SP1 and have a not working solaris nativ ldap client oder downgrading to SLES1 /wo SP1 but using a rather outdated version of OpenLDAP 2.4.12 but seems to work with the solaris ldap client and your outlook 2003 client.
The problem is, Novell won't release any package changes in endless time, probably für SP2 at earliest point in time. To get/keep it working you have to stay on the older version and I have to downgrade. This is a quite annoying state of a problem we have here.
FYI, we (Novell) are currently working on releasing an update to fix this problem. I can't tell you when it will get released, yet. But it will for sure be before SLES11 SP2.
Until then a possible workaround could be to use some clever ACL to filter the OIDs of VLV and Server Side Sort from the supportedControl Attribute of the rootDSE.
I'll point out the problem to my boss, maybe there is something I can do about it, but for my own laziness, I don't want to regurlarly check for/download/recompile the OpenLDAP package in the lifetime of the server to fix some particular security issues.
So what are we going to do in the meantime? At my site, everything except listing of user/groups is working on the client side, not that big of an issue, but thats also true for dynamic lists that I wanted to use and thats a big issue. :/
How is your state and how big is the problem?
Bye, Benjamin.
PS: Dieter, I tried to get the list of supported controls from the server via the solaris client, but had not luck.
[..]
-- Ralf
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)