2012/12/6 Victor Sudakov <v...@mpeks.tomsk.su>: > Cl?ment OUDOT wrote: >> > >> > When I try to browse an addresslist from Outlook, the OpenLDAP server >> > gives the following error: >> > >> > >> > Lightweight Directory Access Protocol >> > LDAPMessage searchResDone(11) inappropriateMatching (serverSort >> > control: No ordering rule) [0 results] >> > messageID: 11 >> > protocolOp: searchResDone (5) >> > searchResDone >> > resultCode: inappropriateMatching (18) >> > matchedDN: >> > errorMessage: serverSort control: No ordering rule >> > [Response To: 6] >> > [Time: 0.002066000 seconds] >> > >> > >> > What is this error? Could someone please interpret it? I almost believe >> > that if I can get rid of it, I >> > will have a browseable addresslist in Outlook. >> >> As I already replied : >> >> >> the problem can be that Outlook use SSSVLV controls on attributes >> without ordering rules in OpenLDAP. Unfortunately, the 'name' >> attribute has no ordering rules, so you can't sort results on name >> (this includes, cn, sn, gn attributes, because they inherit from >> name). We do not have this limitation on AD (but it breaks LDAP >> standard). > > I don't care about LDAP standard in this particular installation. > I need an OpenLDAP server at this site only as a shared address book, > it will perform no other function and will never interoperate with > anything else. > >> >> >> You can't use server side sort control on cn or sn in OpenLDAP, this >> will always return an error because there is no ordering rule for >> these attributes. > > So if OpenLDAP can be tweaked to provide server side sort control on > cn or sn, I would go for it. Can it be done by modifying the 'name' > attribute in the core.schema? Or by a patch?
You can try to patch schema_prep.c in OpenLDAP source, find the 'name' attribute definition and add caseIgnoreOrderingMatch ordering rule to it. You then need to rebuild OpenLDAP from sources. Clément.