search

pingidentity / ldapsdk

UnboundID LDAP SDK for Java
Other
327 stars 79 forks source link

search with ALL_OPERATIONAL_ATTRIBUTES doesn't return any operational attributes #153

Closed gredwhite closed 11 months ago

gredwhite commented 11 months ago

This code works and token is not null

val entry: SearchResultEntry = ldapConnectionPool.searchForEntry(baseDn, SearchScope.SUB, filter, SearchRequest.ALL_USER_ATTRIBUTES, "PrimaryGroupToken")
val token = entry.getAttributeValue("PrimaryGroupToken"))

But if I execute this code 

val entry: SearchResultEntry = ldapConnectionPool.searchForEntry(baseDn, SearchScope.SUB, filter, SearchRequest.ALL_USER_ATTRIBUTES, SearchRequest.ALL_OPERATIONAL_ATTRIBUTES)
val token = entry.getAttributeValue("PrimaryGroupToken"))

token is null with other parameters with the same values

Actually at this case I see the same amount of attributes as in the previous code snippet

 val entry: SearchResultEntry = ldapConnectionPool.searchForEntry(baseDn, SearchScope.SUB, filter, SearchRequest.ALL_USER_ATTRIBUTES)
dirmgr commented 11 months ago

I don't believe that Active Directory supports the use of the "+" token to indicate that all operational attributes should be retrieved. As per RFC 3673 (which defines that token), if it does, its root DSE should advertise a supportedFeatures value of "1.3.6.1.4.1.4203.1.5.1", so you can retrieve the root DSE to see if that feature OID is listed.

gredwhite commented 11 months ago

well... it is AD specific...again

Where I can find forum for AD specific questions ?