Hi,
Since I started adding clients to authenticate users through LDAP I'm getting those messages in the servers log:
slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.16
Clients use nss-ldapd 0.9.9 with nslcd and nscd for caching. Servers are running OpenLDAP 2.4.47 on Debian/Stretch 9.11.
A quick search shows those are related to deref control. I don't have that overlay loaded on the servers, only slapo-memberof, slapo-syncprov, slapo-refint and slapo-ppolicy
So I wonder if, first, are they harmfull? Or will they get eventually as the number of clients will start to increase in the very near future?
thanks, jf
--On Friday, November 15, 2019 11:57 AM -0500 Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca wrote:
So I wonder if, first, are they harmfull? Or will they get eventually as the number of clients will start to increase in the very near future?
It's purely informational and can be ignored.
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
* Quanah Gibson-Mount quanah@symas.com [20191115 19:11]:
--On Friday, November 15, 2019 11:57 AM -0500 Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca wrote:
So I wonder if, first, are they harmfull? Or will they get eventually as the number of clients will start to increase in the very near future?
It's purely informational and can be ignored.
OK!
Just so this could be helping others, can you tell us what is triggering it?
Thank you! jf
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
--On Saturday, November 16, 2019 12:24 PM -0500 Jean-Francois Malouin Jean-Francois.Malouin@bic.mni.mcgill.ca wrote:
It's purely informational and can be ignored.
OK!
Just so this could be helping others, can you tell us what is triggering it?
One or more of your LDAP clients is requesting that control when connecting to the server. The server doesn't recognize that control and logs the request.
You can obtain more information about what the control being requested does at https://tools.ietf.org/html/draft-masarati-ldap-deref-00
Unless you are specifically wanting to use this feature, there is no need to enable it (i.e., no need to load the deref overlay). It may be possible to disable this behavior on the client side as well, depending on the client.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Jean-Francois Malouin -
Quanah Gibson-Mount