2 Replies Latest reply on Oct 7, 2013 10:05 AM by bhadra12

    How to check controls on directory server




      How can we check whether supported/unsupported controls defined for Directory server?


      Actually, I need help in investigating cause for LDAP error code 12: unsupported critical extension.


      [30/Sep/2013:13:39:51 +0000] conn=433906 op=5 msgId=6 - SRCH base="ou=groups,xxxxxxxx" scope=2 filter="(&(objectClass=xxxxx)(cn=xxxxx))", unsupported critical extension

      [30/Sep/2013:13:39:51 +0000] conn=433906 op=5 msgId=6 - RESULT err=12 tag=101 nentries=0 etime=0.000000



      Thanks in advance.

        • 1. Re: How to check controls on directory server
          Sylvain Duloutre-Oracle



          The list of supported control in a LDAP directory is available in the rootDSE (entry with empty dn): To retrieve the list of supported control, do the following ldap search


          ldapsearch ...  -b "" -s base "objectclass=*" supportedControl





          supportedControl: 2.16.840.1.113730.3.4.2

          supportedControl: 2.16.840.1.113730.3.4.3

          supportedControl: 2.16.840.1.113730.3.4.4

          supportedControl: 2.16.840.1.113730.3.4.5

          supportedControl: 1.2.840.113556.1.4.473

          supportedControl: 2.16.840.1.113730.3.4.9

          supportedControl: 2.16.840.1.113730.3.4.16



          • 2. Re: How to check controls on directory server

            Hi Sylvain,


            Thank you very much for your answer.


            Can we control/extention information which is requested by client along with the LDAP operations.


            I tried in access logs but couldn't find any information.


            Thanks once again!