Re: [Freeipa-users] FreeIPA and vSphere

On Wed, 14 Dec 2016, Serhii Honchar wrote:

Trying to get vSphere to authenticate users using FreeIPA.
I've made scheme changes as recommended in the howto.
But then faced the following issue:
vSphere uses "pagedResultsControl" and sets its criticality to "True" on
all its requests to the LDAP server:
Lightweight Directory Access Protocol
   LDAPMessage searchRequest(2) "cn=users,cn=compat,dc=XXX,dc=XXX"
       messageID: 2
       protocolOp: searchRequest (3)
       [Response In: 17]
*       controls: 1 item *
*            Control *
*                controlType: 1.2.840.113556.1.4.319 (pagedResultsControl) *
*                criticality: True *
*                SearchControlValue *
*                    size: 100 *
*                    cookie: <MISSING> *

When requesting from the "cn=accounts" subtree things go OK, and the reply also
contains a "pagedResultsControl" block:
Lightweight Directory Access Protocol
   LDAPMessage searchResDone(2) success [1 result]
       messageID: 2
       protocolOp: searchResDone (5)
               resultCode: success (0)
       [Response To: 15]
       [Time: 0.065699000 seconds]
 *      controls: 1 item*
*            Control*
*                controlType: 1.2.840.113556.1.4.319 (pagedResultsControl)*
*                SearchControlValue*
*                    size: 0*
*                    cookie: <MISSING>*
and vSphere accepts the results of such queries without any problem, except
for the fact that some required attributes are missing in objects in this

But on the same requests to the "cn=compat" subtree (where all required attributes
are added) something goes wrong, and the replies don't contain a
"pagedResultsControl" block (the result set itself is identical, the absence of
the controls block is the only difference):

That's correct because slapi-nis plugin does not support paged results
control for the virtual subtree.

/ Alexander Bokovoy
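
Added example, not part of the original message and not FreeIPA or slapi-nis code: a small Python codec for the pagedResultsControl value (RFC 2696) plus a check that classifies a searchResDone the way the two captures above differ. The function names and the (oid, criticality, value) tuple shape are assumptions made for illustration; the sample values are constructed from the captures.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # pagedResultsControl, RFC 2696

def _tlv(tag, payload):
    """Encode one BER element with a definite length."""
    n = len(payload)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload

def _read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, payload, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def encode_paged_value(size, cookie=b""):
    """realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    size_raw = size.to_bytes(size.bit_length() // 8 + 1, "big")
    return _tlv(0x30, _tlv(0x02, size_raw) + _tlv(0x04, cookie))

def decode_paged_value(value):
    """Return (size, cookie) from a pagedResultsControl value."""
    tag, seq, _ = _read_tlv(value, 0)
    t_size, size_raw, nxt = _read_tlv(seq, 0)
    t_cookie, cookie, _ = _read_tlv(seq, nxt)
    if (tag, t_size, t_cookie) != (0x30, 0x02, 0x04):
        raise ValueError("not a pagedResultsControl value")
    return int.from_bytes(size_raw, "big", signed=True), cookie

def check_paged_reply(request_controls, response_controls):
    """Controls are (oid, criticality, value) tuples (hypothetical shape)."""
    req = [c for c in request_controls if c[0] == PAGED_RESULTS_OID]
    if not req:
        return "not-requested"
    resp = [c for c in response_controls if c[0] == PAGED_RESULTS_OID]
    if not resp:
        return "missing-critical" if req[0][1] else "missing-noncritical"
    _, cookie = decode_paged_value(resp[0][2])
    return "more-pages" if cookie else "last-page"  # empty cookie ends paging

# Constructed sample data (added example), mirroring the captures above.
REQUEST = [(PAGED_RESULTS_OID, True, encode_paged_value(100))]
ACCOUNTS_REPLY = [(PAGED_RESULTS_OID, False, encode_paged_value(0))]
COMPAT_REPLY = []  # searchResDone with no controls block
```

`check_paged_reply(REQUEST, ACCOUNTS_REPLY)` gives `"last-page"`, while the same request against `COMPAT_REPLY` gives `"missing-critical"`, the one difference visible between the two replies described in the thread.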

