"Auteria W. Winzer Jr." wwinzer@yahoo.com schrieb am 18.02.2014 um 21:00 in
Nachricht 1392753658.57245.YahooMailNeo@web181601.mail.ne1.yahoo.com:
Aaron,
The URL http://tools.ietf.org/html/draft-ietf-ldapext-ldapv3-vlv-09 can't be found, yet I was able to access the 2nd link from the openldap archives with no issues.
Some distributions pack the file: # rpm -ql openldap2 |grep vlv /usr/share/doc/packages/openldap2/drafts/draft-ietf-ldapext-ldapv3-vlv-xx.txt /usr/share/man/man5/slapo-sssvlv.5.gz
Regards, Auteria Winzer Jr.
From: Aaron Richton richton@nbcs.rutgers.edu To: Auteria W. Winzer Jr. wwinzer@yahoo.com Cc: "openldap-technical@openldap.org" openldap-technical@openldap.org Sent: Tuesday, February 18, 2014 1:05 PM Subject: Re: ldapsearch error - Unknown error (60)
On Tue, 18 Feb 2014, Auteria W. Winzer Jr. wrote:
To the members of the mailing list,
Upon a test search I'm getting the following error:
$ ldapsearch -LLL -v -z none -x -e "2.16.840.1.113730.3.4.9" -h bugsbunny.bar -p
9999 -b "ou=foo,o=bar" -D "uid=xxx,ou=foo,o=bar" -w "xxxxxxxx" "(&(objectClass=groupOfUniqueNames)(displayname=*))" displayname
ldap_initialize( ldap://bugsbunny.bar:9999 ) filter: (&(objectClass=groupOfUniqueNames)(displayname=*)) requesting: displayname Unknown error (60) Additional information: VLV Control
When looking up the error I noticed the following:
LDAP_SORT_CONTROL_MISSING - 60 (x'3C) - Unused in standards. Sun LDAP
Directory Server only. Server did not receive a required server-side sorting control.
Can someone that has experience with this type of LDAP search criteria
assist me to obtain a final resolution?
See the relevant I-D http://tools.ietf.org/html/draft-ietf-ldapext-ldapv3-vlv-09
per section 6.1, you need to have a SSS control in addition to the VLV
control. You're missing that, hence the server says it didn't receive the requirement. Make sure your requests comply with the I-D.
Also, the controlValue has precise requirements, and I don't see an example
of that above.
Using OpenLDAP's ldapsearch(1) I believe this would go something like:
ldapsearch -z none -x -E sss=heightInCm -E vlv=0/1/0/1 -b cn=foo -h
ldap.example.com (uid=user)
another example from the archives:
http://www.openldap.org/lists/openldap-technical/201005/msg00087.html