Philip Brusten wrote:
On 7/01/2019 17:59, Howard Chu wrote:
Philip Brusten wrote:
On 3/01/2019 18:09, Howard Chu wrote:
Philip Brusten wrote:
Is there a way to allow these extensions on the proxy?
Write yourself a dynamic module to register those extension OIDs in back-ldap.
So there is no current way to support these extensions via configuration?
Extensions, by their very nature, require code to implement them. So no, you cannot configure new functionality into existence without writing your own module.
In the context of a proxy this is a big overhead. IMHO this should be possible via configuration in case of an LDAP-proxy. It just needs to allow the extension to passthrough, not to implement the logic behind it, or is this too short-sighted?
It's not that simple. Advertising a supportedExtension in the rootDSE implies that the entire server supports them. slapd allows multiple backends to operate at once, and what you're talking about would only be valid for a single specific back-ldap instance.
The standard format for extended ops doesn't include a DN, and slapd uses the DN to determine which backend should process an incoming op. So there's no generic way for slapd to correctly forward an incoming exop to the correct backend, or the proxy backend. Every op must be handled explicitly and must be at least parsed in order for slapd to be able to route it.