Are the LDAP Virtual List View and Server Side Sort Controls supported?

  • 7001493
  • 02-Oct-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.5 for All Platforms
Novell eDirectory 8.6 for All Platforms
Novell eDirectory 8.7 for All Platforms
Novell eDirectory 8.8 for All Platforms

Situation

Error: 53
Error: "DSA is unwilling to perform"
Are the LDAP Virtual List View and Server Side Sort Controls supported?

Resolution

The LDAP Virtual List View (VLV) control and Server Side Control (SSS) control currently are only supported with limitations on eDirectory 8.8, 8.7.3 or earlier versions.   Searching the Root DSE will show no support for VLV and SSS.  The OID for the VLV control, 2.16.840.1.113730.3.4.9, is not listed.  The OID for the SSS control, 1.2.840.113556.1.4.473, is also not present. 

Even though the VLV and SSS controls are not fully supported in eDirectory 8.8, 8.7.3 and previous versions, the LDAP Server will respond to VLV and SSS requests.  Novell chose to retain the functionality, as some developers were willing to work within the confines of the limitations and defects.

The known limitations of VLV and SSS are listed below.  They apply to eDirectoy 8.8 and all previous versions.

1. The LDAP Server must have a copy of all objects within the search scope, in order for the VLV/SSS control to work.  For example, the server would need a copy of every replica, if the search scope started at the top of the tree.  If the LDAP Server doesn't have a copy of all objects in the search scope, it will return error 53 when the VLV/SSS control is used in a search request.
2. The VLV/SSS control does not work with filtered replicas, even if the LDAP Server is configured to use them in a search.  The LDAP Server will return error 53.
3. The VLV/SSS control might not work correctly when the search filter contains multiple parts, e.g. (&(cn=*)(givenname=*)).  The LDAP Server will return error 53.  Simple filters, containing only one search element, should be used with the VLV control.
4. The VLV/SSS control will return the same entry multiple times when the attribute being searched on has multiple values.  If a user entry has three CN attributes and the search filter is (cn=*), that user entry will appear three different times.
5. The attribute being searched on must have a value index.

Additional Information

Formerly known as TID# 10084069

Change Log

16 July 2009 pgephart added text to indicated limited support for VLV & SSS.  Limited support was approved by Kamal Narayan and changes to this TID were approved Ken Davis.

13 May 2009 sperrin added SSS to detailed description of problems since I believe they occur with either VLV or SSS