Novell Support for VLV And SSS Controls in 8.8.x#

TID for (now) non-support of VLV and SSS controls.

But we can not get VLV to work.

However#

  • The OID for the VLV control, 2.16.840.1.113730.3.4.9, is not listed.
  • The OID for the SSS control, 1.2.840.113556.1.4.473, is also not present.

We were originally told there was a defect initiated to have the OIDs added to the rootDSE. (October of 2008)

As VLV and SSS are not supported, Novell will not address either the limitations or defects of the VLV or SSS implementations in Novell eDirectory 8.7 and previous versions.

Controls are listed in the rootDSE#

For 8.8 (on SP1) The following controls are listed in the rootDSE
DefinitionOID
2.16.840.1.113719.1.27.101.6Forward Reference
2.16.840.1.113719.1.27.101.5SimplePasswordControl
2.16.840.1.113730.3.4.3Persistent search Request
2.16.840.1.113730.3.4.2Persistent search Response
2.16.840.1.113719.1.27.103.7LDAP transaction support supportedGroupingTypes
2.16.840.1.113719.1.27.101.40?
2.16.840.1.113719.1.27.101.41?

Controls that may work but with Limitations#

DefinitionOID
1.2.840.113556.1.4.473Sever-side sort control request
1.2.840.113556.1.4.474Server-side sort control response
2.16.840.1.113730.3.4.9Virtual list view request
2.16.840.1.113730.3.4.10Virtual list view response

Even though the VLV and SSS controls are not supported and not present in the Root DSE, the LDAP Server MAY respond to VLV and SSS requests. Novell chose to retain the functionality, as some developers were willing to work within the confines of the limitations and defects.

Novell is investigating the addition of support for VLV and SSS to a future version of Novell eDirectory.

eDirectory 8.8.3#

When we programmaticlly check the controls on 8.8.3 we see:
VLV Control is NOT in rootDSE!
Calling Asynchronous Search...
Search stopped with exception LDAPException: Other (80) Other
LDAPException: Server Message: NDS error: not implemented (-714)
LDAPException: Matched DN: Other
Received LDAP Sort Control from Server
Error code: 80
No offending attribute returned
Received VLV Response Control from Server...
Result Code    => 0
First Position => 1
Content Count  => 383
Context String => ??a	

Limitations of Virtual List View Control#

The known limitations of VLV are listed below. Novell recommends that the VLV control not be used.
  1. The LDAP Server must have a copy of all objects within the search scope, in order for the VLV control to work. For example, the server would need a copy of every replica, if the search scope started at the top of the tree. If the LDAP Server doesn't have a copy of all objects in the search scope, it will return error 53 when the VLV control is used in a search request.
  2. The VLV control does not work with filtered replicas, even if the LDAP Server is configured to use them in a search. The LDAP Server will return error 53.
  3. The VLV control might not work correctly when the search filter contains multiple parts, e.g. (&(cn=*)(givenname=*)). The LDAP Server will return error 53. Simple filters, containing only one search element, should be used with the VLV control.
  4. The VLV control will return the same entry multiple times when the attribute being searched on has multiple values. If a user entry has three CN attributes and the search filter is (cn=*), that user entry will appear three different times.
  5. The attribute being searched on must have a value index.

This list should not be viewed as exhaustive. Other defects and limitations could be added in the future.

List of LDAP Controls#

You might want to use the Simple Paged ResultsControl that is in eDirectory

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-27) was last changed on 04-Dec-2011 09:50 by jim