Thursday, 17 September 2009

Server side sort with OpenLDAP2.4.18

OpenLDAP2.4.18 sports server side sorting (RFC 2891).

First of all, during configuration, sss should be enabled:
./configure --enable-hdb=yes --enable-sssvlv --enable-ppolicy --with-cyrus-sasl --with-tls=openssl

Then in slapd.conf, overlay has to be enabled:
overlay sssvlv
This line has to be added either in the global part or inside a backend directive.

Then, a ldapsearch can test the feature:
/usr/local/bin/ldapsearch -h localhost -x -E 'sss=cn' 'sn=m*' cn
if there is an attribute with a ordering rule.

If not, an error arises:
# extended LDIF
# LDAPv3
# base  with scope subtree
# filter: sn=m*
# requesting: cn 
# with server side sorting control

# search result
search: 2
result: 18 Inappropriate matching
text: serverSort control: No ordering rule

# numResponses: 1

You can add ordering rules to schemas: for instance to add ordering rules to sn, modify sn entry in core.schema as follows:
attributetype ( NAME ( 'sn' 'surname' )
 DESC 'RFC2256: last (family) name(s) for which the entity is known by'
 ORDERING caseIgnoreOrderingMatch
 SUP name )

This time ldapsearch returns:
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MIQAAAADCgEA
sortResult: (0) Success

# numResponses: 4602
# numEntries: 4601


Anonymous said...

As per, how would one go about ordering by cn?

Francesco said...

I feel you should edit the schema for cn to add a line for the ORDERING rule.