Le 20/10/2014 19:22, Nicolas RENAULT a écrit :
Hello

question about overlay sssvlv

info

openldap 2.4.40 with meta to relay informations from one AD , one EDIr and one openLDAP. (just use openLDAP for now)

I create a database to get locally the root "dc=example,dc=fr" and the firstlevel OU "ou=TOUT,dc=example,dc=fr"

I bind the LDAP on "ou=LDAP,ou=TOUT,dc=example,dc=fr"

I activate this overlay (sssvlv) on slapd.conf (because of meta) globally (ie before the statement for the meta database)

overlay sssvlv

just this line.

on example.schema file I define ORDERING for the attribute displayName

----------
attributetype ( 2.16.840.1.113730.3.1.241
        NAME 'displayName'
        DESC 'RFC2798: preferred name to be used when displaying entries'
        EQUALITY caseIgnoreMatch
        ORDERING caseIgnoreOrderingMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )
----------------------

then i try to make a ldapsearch like this :

ldapsearch -E 'sss=displayName' -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -b "ou=LDAP,ou=TOUT,dc=example,dc=fr" -w xxxx -s sub  "(&(objectClass=user)(displayName=ag*))" displayName

# extended LDIF
#
# LDAPv3
# base <ou=LDAP,ou=TOUT,dc=example,dc=fr> with scope subtree
# filter: (&(objectClass=user)(displayName=ag*))
# requesting: displayName
# with server side sorting control
#

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MAMKAQA=
sortResult: (0) Success

# numResponses: 1

If I try the search without sorting  :

ldapsearch -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -b "ou=LDAP,ou=TOUT,dc=example,dc=fr" -w xxxx -s sub "(&(objectClass=user)(displayName=ag*))" displayName

# extended LDIF
#
# LDAPv3
# base <ou=LDAP,ou=TOUT,dc=example,dc=fr> with scope subtree
# filter: (&(objectClass=user)(displayName=ag*))
# requesting: displayName
#

<results removed>

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

It find 5 entry with displayName=Agnes , displayName=agiercza, ....

what did I forgot ?

do I have to activate the overlay on the meta database and on the local database statement of slapd.conf ?

does my ldapsearch incorrect to use server side sorting ?

thanks for help.

Note : I don't known how but my post appear as a response to LDAP Replica TLS problem (berhaps because a use reply to to create my post :( ) , it is possible to detach my question from this thread , and I apologize for the mistake)
 
hello,

I a made search and tests for this overlay  :

if a create 3 users in the ou=TOUT (local database) and activate sssvlv globally or locally  then sort work for the 3 users  OK

if I activate sssvlv  on the meta backend i see the result I post yesterday.  
-------------------------------------------------------------------------------------------------------
# extended LDIF
#
# LDAPv3
# base <ou=LDAP,ou=TOUT,dc=example,dc=fr> with scope subtree
# filter: (&(objectClass=user)(displayName=ag*))
# requesting: displayName
# with server side sorting control
#

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MAMKAQA=
sortResult: (0) Success

# numResponses: 1
----------------------------------------------------------------------------------------------------------

I lauch slapd in debug mode and see that it may be a problem with the rewrite I made.

Without sort , all rewrite are made and I see the result.

With sort, only suffixmassage occur when the information came from the distant ldap and then no more process , just the result you can see 3 line up.

so questions :

Is the overlay sssvlv working on meta_backend ?

It is possible to force de overlay sssvlv to work after all rewrite (rwm) ?

Someone known a trick to solve my problem ?

thanks for reply  
-- 
Nicolas