2 Replies Latest reply: Oct 7, 2013 5:05 AM by bhadra12 RSS

    How to check controls on directory server

    bhadra12

      Hi,

       

      How can we check whether supported/unsupported controls defined for Directory server?

       

      Actually, I need help in investigating cause for LDAP error code 12: unsupported critical extension.

      =============================================

      [30/Sep/2013:13:39:51 +0000] conn=433906 op=5 msgId=6 - SRCH base="ou=groups,xxxxxxxx" scope=2 filter="(&(objectClass=xxxxx)(cn=xxxxx))", unsupported critical extension

      [30/Sep/2013:13:39:51 +0000] conn=433906 op=5 msgId=6 - RESULT err=12 tag=101 nentries=0 etime=0.000000

      =============================================

       

      Thanks in advance.

        • 1. Re: How to check controls on directory server
          Sylvain Duloutre-Oracle

          Hi,

           

          The list of supported control in a LDAP directory is available in the rootDSE (entry with empty dn): To retrieve the list of supported control, do the following ldap search

           

          ldapsearch ...  -b "" -s base "objectclass=*" supportedControl

           

          e.g.

           

          dn:

          supportedControl: 2.16.840.1.113730.3.4.2

          supportedControl: 2.16.840.1.113730.3.4.3

          supportedControl: 2.16.840.1.113730.3.4.4

          supportedControl: 2.16.840.1.113730.3.4.5

          supportedControl: 1.2.840.113556.1.4.473

          supportedControl: 2.16.840.1.113730.3.4.9

          supportedControl: 2.16.840.1.113730.3.4.16

          ...


          -Sylvain


          • 2. Re: How to check controls on directory server
            bhadra12

            Hi Sylvain,

             

            Thank you very much for your answer.

             

            Can we control/extention information which is requested by client along with the LDAP operations.

             

            I tried in access logs but couldn't find any information.

             

            Thanks once again!