Hi Quanah,
I just found an old post of yours, and I'd be interested to know if and how you solved that problem, because I ran into the same need.
Thanks Ben
* *To*: *openldap-devel@OpenLDAP.org mailto:openldap-devel%40OpenLDAP.org* * *Subject*: *valsort & telephoneNumber* * *From*: *Quanah Gibson-Mount <quanah@stanford.edu mailto:quanah%40stanford.edu>* * Date: Mon, 28 Aug 2006 21:11:07 -0700 * Content-disposition: inline
------------------------------------------------------------------------ We would like to be able to use valsort to weight telephoneNumber values in OpenLDAP. However, modifications of that type get rejected by the SYNTAX validation for telephoneNumber because it contains {}'s. Is it reasonable to expect to be able to override the SYNTAX in this case? Should valsort be modified to do so? Basically, the desired behavior would be for the non-weighted part (i.e., the actual data) of the value to be validated via the SYNTAX rules, but the weight part at the beginning ignored.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key:http://www.stanford.edu/~quanah/pgp.html http://www.stanford.edu/%7Equanah/pgp.html
IMO this example clearly shows that the {} approach is a hack limited to certain use-cases (e.g. ACLs etc. in back-config).
Ciao, Michael.
Benin Technologies wrote:
Hi Quanah,
I just found an old post of yours, and I'd be interested to know if and how you solved that problem, because I ran into the same need.
Thanks Ben
- *To*: *openldap-devel@OpenLDAP.org mailto:openldap-devel%40OpenLDAP.org*
- *Subject*: *valsort & telephoneNumber*
- *From*: *Quanah Gibson-Mount <quanah@stanford.edu mailto:quanah%40stanford.edu>*
- Date: Mon, 28 Aug 2006 21:11:07 -0700
- Content-disposition: inline
We would like to be able to use valsort to weight telephoneNumber values in OpenLDAP. However, modifications of that type get rejected by the SYNTAX validation for telephoneNumber because it contains {}'s. Is it reasonable to expect to be able to override the SYNTAX in this case? Should valsort be modified to do so? Basically, the desired behavior would be for the non-weighted part (i.e., the actual data) of the value to be validated via the SYNTAX rules, but the weight part at the beginning ignored.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html http://www.stanford.edu/%7Equanah/pgp.html
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
Le 11/02/2013 18:35, Michael Ströder a écrit :
IMO this example clearly shows that the {} approach is a hack limited to certain use-cases (e.g. ACLs etc. in back-config).
Ciao, Michael.
Benin Technologies wrote:
Hi Quanah,
I just found an old post of yours, and I'd be interested to know if and how you solved that problem, because I ran into the same need.
Thanks Ben
- *To*: *openldap-devel@OpenLDAP.orgmailto:openldap-devel%40OpenLDAP.org*
- *Subject*: *valsort& telephoneNumber*
- *From*: *Quanah Gibson-Mount<quanah@stanford.edu mailto:quanah%40stanford.edu>*
- Date: Mon, 28 Aug 2006 21:11:07 -0700
- Content-disposition: inline
We would like to be able to use valsort to weight telephoneNumber values in OpenLDAP. However, modifications of that type get rejected by the SYNTAX validation for telephoneNumber because it contains {}'s. Is it reasonable to expect to be able to override the SYNTAX in this case? Should valsort be modified to do so? Basically, the desired behavior would be for the non-weighted part (i.e., the actual data) of the value to be validated via the SYNTAX rules, but the weight part at the beginning ignored.
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.htmlhttp://www.stanford.edu/%7Equanah/pgp.html
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
Bill
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
That's not documented in slapo-valsort(5), as far as I know.
p.
--On Monday, February 11, 2013 10:22 PM +0100 Pierangelo Masarati masarati@aero.polimi.it wrote:
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
That's not documented in slapo-valsort(5), as far as I know.
Fixed via ITS#7523.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
thanks for that info
how do you use that control ? I tried the following :
ldapsearch -x -W -D "cn=admin,dc=company,dc=com" -b "ou=people,dc=company,dc=com" -s subtree -e 1.3.6.1.4.1.4203.666.5.14
I get : # search result search: 2 result: 2 Protocol error text: valSort control value is absent
Le 11/02/2013 22:05, Bill MacAllister a écrit :
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
Bill
--On Monday, February 11, 2013 10:53:05 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks for that info
how do you use that control ? I tried the following :
ldapsearch -x -W -D "cn=admin,dc=company,dc=com" -b "ou=people,dc=company,dc=com" -s subtree -e 1.3.6.1.4.1.4203.666.5.14
I get : # search result search: 2 result: 2 Protocol error text: valSort control value is absent
Good luck with that. I never did figure out how to get this back from ldapsearch. I worked on the for a couple hours about a year ago, and I didn't save any of my tests. I am not a C hacker, but as I remember between reading the code and testing I got closer by base64 encoding the ber encoded value for the control and using that on the command line. But, don't hold me to that, and I never did get it to work.
It is fairly straight froward to do in perl. Here is a snipet of the important bits. You don't need the GSSAPI parts, but it was easier to leave them in.
use Net::LDAP; use Net::LDAP::Control; use Convert::ASN1; use MIME::Base64; use Authen::SASL;
# Set up the value to be used for the control my $asn = Convert::ASN1->new; $asn->prepare('SEQUENCE { b BOOLEAN }'); my $pdu = $asn->encode(b=>1); # or 1
# Create the control my $ValSortControl=Net::LDAP::Control->new( type => "1.3.6.1.4.1.4203.666.5.14", critical => 0, value => $pdu );
$ldap = Net::LDAP->new( "$opt_host" ) or die "$@"; $sasl = Authen::SASL->new(GSSAPI); $status = $ldap->bind("", sasl=>$sasl); $status = $ldap->search(base => $opt_base, scope => 'sub', filter => $filter, attrs => [@attrs], control => [ $ValSortControl ]);
Bill
Le 11/02/2013 22:05, Bill MacAllister a écrit :
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
Bill
thanks for that perl snippet
it would be great to make it work with ldapsearch though, I'll make another post to see if someone has ever used it with ldapsearch
Le 12/02/2013 00:33, Bill MacAllister a écrit :
--On Monday, February 11, 2013 10:53:05 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks for that info
how do you use that control ? I tried the following :
ldapsearch -x -W -D "cn=admin,dc=company,dc=com" -b "ou=people,dc=company,dc=com" -s subtree -e 1.3.6.1.4.1.4203.666.5.14
I get : # search result search: 2 result: 2 Protocol error text: valSort control value is absent
Good luck with that. I never did figure out how to get this back from ldapsearch. I worked on the for a couple hours about a year ago, and I didn't save any of my tests. I am not a C hacker, but as I remember between reading the code and testing I got closer by base64 encoding the ber encoded value for the control and using that on the command line. But, don't hold me to that, and I never did get it to work.
It is fairly straight froward to do in perl. Here is a snipet of the important bits. You don't need the GSSAPI parts, but it was easier to leave them in.
use Net::LDAP; use Net::LDAP::Control; use Convert::ASN1; use MIME::Base64; use Authen::SASL;
# Set up the value to be used for the control my $asn = Convert::ASN1->new; $asn->prepare('SEQUENCE { b BOOLEAN }'); my $pdu = $asn->encode(b=>1); # or 1
# Create the control my $ValSortControl=Net::LDAP::Control->new( type => "1.3.6.1.4.1.4203.666.5.14", critical => 0, value => $pdu );
$ldap = Net::LDAP->new( "$opt_host" ) or die "$@"; $sasl = Authen::SASL->new(GSSAPI); $status = $ldap->bind("", sasl=>$sasl); $status = $ldap->search(base => $opt_base, scope => 'sub', filter => $filter, attrs => [@attrs], control => [ $ValSortControl ]);
Bill
Le 11/02/2013 22:05, Bill MacAllister a écrit :
--On Monday, February 11, 2013 09:42:55 PM +0100 Benin Technologies benintechnologies@yahoo.fr wrote:
thanks, I agree, first I thought that weighted valsort could be used to give an importance grade to a set of attributes, but I agree, it seems it is of much limited use
(other limitation : it's quite impossible to delete/modify a weighted entry, because you need to include the weight ({3} for example) in the LDIF delete/modify instruction file. Given that the weight value is never returned by searches, it's impossible to know that weight, thus impossible to delete the attribute, unless that information has been stored somewhere else)
To perform a search that returns the weighted values the control LDAP_CONTROL_VALSORT (1.3.6.1.4.1.4203.666.5.14) must be specified.
Bill
IMO this example clearly shows that the {} approach is a hack limited to certain use-cases (e.g. ACLs etc. in back-config).
Perhaps valsort could return weights instead of stripping them off when the RFC 3296 manageDSAit control is used.
p.
--On Monday, February 11, 2013 10:11 PM +0100 Pierangelo Masarati masarati@aero.polimi.it wrote:
IMO this example clearly shows that the {} approach is a hack limited to certain use-cases (e.g. ACLs etc. in back-config).
Perhaps valsort could return weights instead of stripping them off when the RFC 3296 manageDSAit control is used.
As Bill noted, this is already possible if you supply the VALSORT control. No need to mess with manageDSAit.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Benin Technologies -
Bill MacAllister -
Michael Ströder -
Pierangelo Masarati -
Quanah Gibson-Mount