Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7671

ldapsearch: SubEntries control option is too difficult to use

    Details

    • Type: Bug
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.1.0
    • Fix Version/s: None
    • Component/s: ease of use, tools
    • Labels:
      None

      Description

      To return subentry password policies in search results, you can use the SubEntries control, which corresponds to OID 1.3.6.1.4.1.4203.1.10.1.

      This control requires a boolean value.

      The difficult part is that you cannot just type something human-readable, like TRUE, or even human-readable-for-people-who-read-ASN.1, like 0x0101FF. Instead, you pass in the actual value.

      For example, the base64-encoded version of ASN.1 "TRUE" works:

      $ ldapsearch -h localhost -p 1636 --useSSL -X -D uid=admin -w password -b dc=example,dc=com --control SubEntries:TRUE::AQH/ "(objectClass=ds-pwp-password-policy)"
      dn: cn=Minimum length policy,dc=example,dc=com
      objectClass: top
      objectClass: subentry
      objectClass: ds-pwp-password-policy
      objectClass: ds-pwp-validator
      objectClass: ds-pwp-length-based-validator
      cn: Minimum length policy
      ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
      ds-pwp-length-based-min-password-length: 8
      ds-pwp-password-attribute: userPassword

      So it's possible, but not user-friendly.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                Mark Mark Craig
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: