On Sat, 15 Aug 2009, Peter Schober wrote:
> * Jethro R Binks <[log in to unmask]> [2009-08-14 13:28]:
> > > I know this was against AD, can anyone enlighten me, I believe
> > > "distinguishedName" is an LDAP "attribute" that AD returns for each
> > > request, unfortunately there doesn't seem to be an equivalent one for
> > > Novell eDirectory. I have read a claim that Novell supports the
> > > "operational attribute" entryDN that should be returned but using that
> > > generates an error of undefined attribute so shib is clearly not getting
> > > it.
>
> Asking the vendor might help (the RFC in question is 5020),
> maybe they also implemented their own pre-RFC variant of that.
>
> > Use a directory browser to investigate what attributes an object has.
> > Apache project has a GUI one. For the CLI, I have a script like the
> > following which dumps out all attributes for a provided $user:
> >
> > args="-LLL -x -z 0 -H $ldapuri -D $binddn -w $bindpw"
> >
> > base="dc=ds,dc=strath,dc=ac,dc=uk"
> > filter="(&(cn=$user)(objectClass=organizationalPerson))"
> >
> > ldapsearch $args -b $base -s sub $filter
>
> No, operational attributes don't get returned unless explicitly asked
> for, i.e. implicitly asking for all attributes by not specifying any
> or explicitly asking for '*' won't get you operational atteributes.
My very old OpenLDAP ldapsearch man page says:
"If ldapsearch finds one or more entries, the attributes specified by
attrs are returned. If * is listed, all user attributes are returned. If
+ is listed, all operational attributes are returned. If no attrs are
listed, all attributes are returned."
Since I want all attributes, I don't list any attrs (I wrote the nugget
about 8 years ago).
I'm not sure I now know what an operational attribute is, even if I did
then ...
Jethro.
> $ man ldapsearch | fgrep '+'
> If + is listed, all operational attributes are returned.
>
> (This is with the OpenLDAP client, YMMV on platforms with other libs).
>
> cheers,
> -peter
>
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
|