On 5/13/2019 7:44 AM, Norbert Klasen wrote:
> On 2019-05-13 12:41, Geoffrey Carman wrote:
>>>
>>> You can use a search like this to simulate /idmdash/#/users:
>>>
>>> ldapsearch -ZZ -x -D cn=uaproxy,ou=sa,o=system -w ${ADM_PASSWD}
>>> "(&(|(objectClass=inetOrgPerson))(|(fullname=*${QUERY}*)(cn=*${QUERY}*)))"
>>> -e manageDSAit -e '!authzid=u:CN=user001,OU=users,OU=data' -E
>>> sss=givenname/sn -E 2.16.840.1.113719.1.27.101.57 -E vlv=10/10/0/10
>>>
>>> “2.16.840.1.113719.1.27.101.57” is CONTROL_REQ_DISABLE_COUNT.
>>>
>>> For this to work you need to have a compound index with all the
>>> attributes from the server side sort (sss) control plus the ones from
>>> the filter - in this order. The order of the attributes in the index
>>> is important because eDirectory will return the search results based
>>> on their position in the index.

>>
>> Cool, thanks! I have not seen such a query in NDStrace. Is it updated
>> to show that SSS, VLV, and Proxy Auth are being used on the trace side?

>
> Yes:
>
>
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63) Search
> request:
>         base: "o=data"
>         scope:2  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
>         filter:
> "(&(|(objectClass=inetOrgPerson))(|(givenName=*michael*)(sn=*michael*)))"
>         attribute: "telephoneNumber"
>         attribute: "mail"
>         attribute: "ou"
>         attribute: "givenName"
>         attribute: "photo"
>         attribute: "sn"
>         attribute: "title"
>         attribute: "srvprvHideUser"
>         attribute: "srvprvHideAttributes"
>         attribute: "modifyTimeStamp"
>         attribute: "loginDisabled"
>         attribute: "objectClass"
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63)
> nds_back_search: Search Control OID 2.16.840.1.113730.3.4.18
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63)
> nds_back_search: Search Control OID 2.16.840.1.113730.3.4.2
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63)
> nds_back_search: Search Control OID 1.2.840.113556.1.4.473
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63)
> nds_back_search: Search Control OID 2.16.840.1.113730.3.4.9
> LDAP: [2019/05/13 13:35:36.961] (172.17.2.91:52400)(0x0012:0x63)
> nds_back_search: Search Control OID 2.16.840.1.113719.1.27.101.57
> LDAP: [2019/05/13 13:35:36.964] (172.17.2.91:52400)(0x0012:0x63) Proxy
> Authorization identity is CN=uaadmin\OU=sa\O=data
> LDAP: [2019/05/13 13:35:36.964] (172.17.2.91:52400)(0x0012:0x63)
> controlSortSetup: Proxy Authorization successful
> LDAP: [2019/05/13 13:35:36.964] (172.17.2.91:52400)(0x0012:0x63)
> controlSortSetup: Setting duplicate context for proxy authorization.
> LDAP: [2019/05/13 13:35:36.964] (172.17.2.91:52400)(0x0012:0x63) Sort
> setup with index "givenName+sn"
>


Coolio! Many thanks Norbert! Now if only that kind of example was added
to the docs!

I am very happy on multiple levels, since the trace shows that Sort,
Proxy Auth and Index in use are all great to know! Woo Hoo!
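
An added example, not part of the original thread: a small Python parser that turns trace output like the one quoted above into an audit record of which searches used proxied authorization, for which identity, and with which controls and index. It assumes the native trace writes one message per line (the sample below is constructed from the thread's lines with the e-mail wrapping undone), and the function names `summarize` and `proxied_searches` are hypothetical.

```python
import re

# Control OIDs from the trace. The first four names come from their published
# specifications; the last is the name given in the thread.
CONTROL_NAMES = {
    "2.16.840.1.113730.3.4.18": "proxied authorization v2",
    "2.16.840.1.113730.3.4.2": "ManageDsaIT",
    "1.2.840.113556.1.4.473": "server side sort",
    "2.16.840.1.113730.3.4.9": "virtual list view",
    "2.16.840.1.113719.1.27.101.57": "CONTROL_REQ_DISABLE_COUNT",
}
PROXY_OID = "2.16.840.1.113730.3.4.18"

# Constructed sample: the thread's trace lines with the e-mail wrapping undone.
P = "LDAP: [2019/05/13 13:35:36.96{}] (172.17.2.91:52400)(0x0012:0x63) "
SAMPLE = "\n".join([
    P.format(1) + "Search request:",
    *(P.format(1) + "nds_back_search: Search Control OID " + oid for oid in CONTROL_NAMES),
    P.format(4) + r"Proxy Authorization identity is CN=uaadmin\OU=sa\O=data",
    P.format(4) + "controlSortSetup: Proxy Authorization successful",
    P.format(4) + 'Sort setup with index "givenName+sn"',
])
LINE = re.compile(r"^LDAP: \[(?P<ts>[^\]]+)\] \((?P<client>[^)]+)\)\((?P<op>[^)]+)\) (?P<msg>.*)$")

def summarize(trace):
    """Group lines by (client, parenthesised id pair); one record per group (assumed grouping)."""
    ops = {}
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an LDAP trace line
        rec = ops.setdefault((m["client"], m["op"]), {
            "controls": [], "proxy_identity": None, "proxy_ok": False, "sort_index": None})
        msg = m["msg"]
        if hit := re.search(r"Search Control OID ([\d.]+)", msg):
            rec["controls"].append(hit[1])
        elif hit := re.search(r"Proxy Authorization identity is (.+)", msg):
            rec["proxy_identity"] = hit[1]
        elif "Proxy Authorization successful" in msg:
            rec["proxy_ok"] = True
        elif hit := re.search(r'Sort setup with index "([^"]+)"', msg):
            rec["sort_index"] = hit[1]
    return ops

def proxied_searches(ops):
    """Return (client, identity, succeeded, control names, sort index) per proxied search."""
    return [(client, r["proxy_identity"], r["proxy_ok"],
             [CONTROL_NAMES.get(o, "unknown " + o) for o in r["controls"]], r["sort_index"])
            for (client, _), r in ops.items() if PROXY_OID in r["controls"]]
```

A record with no sort index for a search that sent the sort control is worth a look, since the thread notes the compound index is required for this kind of query to work.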