Disabling a particular supported control in AD[AM]

Author
8 Feb 2006 4:10 PM
kirill
Hello,

Some LDAP servers allow disabling parts of the provided functionality.
I'm wondering, is there a way in AD[AM] to disable this or that
particular feature provided via LDAP controls?

For example, is there a way to disable the LDAP_SERVER_TREE_DELETE
(1.2.840.113556.1.4.805) or LDAP_PAGED_RESULT (1.2.840.113556.1.4.319)
for an AD[AM] instance?

The question was raised during an internal discussion on the necessity of
checking RootDSE's supportedControls attribute for a particular value
when developing AD[AM]-specific applications.


Sincerely yours,
Kirill Kovalenko
Product Manager
Softerra LLC
http://www.softerra.com
http://www.ldapadministrator.com

Author
8 Feb 2006 9:02 PM
Lee Flight
Hi

AFAIK the only control for which advertising in supportedControls
can be suppressed is VLV support and for latest ADAM releases the ability
to suppress that is really a legacy feature.

Lee Flight




Author
9 Feb 2006 3:02 AM
Joe Kaplan (MVP - ADSI)
Just out of curiosity, why would you want to suppress these?  I think ADAM
would be particularly hard to deal with if you didn't have paged searches
(unless you never have more than 1000 objects or plan to dink around with
the maxPageSize).

Joe K.

Author
9 Feb 2006 11:06 AM
kirill
> why would you want to suppress these?

I'm not going to disable any of the features. I'm just wondering - when I
develop an AD[AM] application can I be sure that, for example,
LDAP_SERVER_TREE_DELETE is always available, or should I check it
every time in RootDSE and apply recursive delete if it's not available.
Author
9 Feb 2006 4:41 PM
Joe Kaplan (MVP - ADSI)
Ah, I see.  Well, I've never heard of MS removing controls (with the
exception of VLV maybe getting pulled in AD 2003 because it doesn't work
very well), but at the same time, if you want to be thorough, I guess it
can't hurt to check during startup.

You guys are Softerra after all.  People have pretty high expectations that
your tools will always do "the right thing".  :)  If you can code flexibly
enough to handle varying capabilities, then I can't see how it can hurt to
check for them during an initial connect.  I don't think you would need to
check for every operation though.  I think it is reasonable to expect that
these controls would not vary between connections to the directory.

Joe K.

Author
10 Feb 2006 6:22 AM
Joe Richards [MVP]
I would recommend coding in the flexibility. Also consider that someone may have
delete rights but not delete tree rights. Or vice versa.

    joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

         http://www.joeware.net/win/ad3e.htm
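
Added example, not part of any post in this thread: one way to code the flexibility discussed above. The caller checks the RootDSE control list once at connect, tries LDAP_SERVER_TREE_DELETE, and falls back to a leaf-first recursive delete when the control is not advertised or the caller has delete but not delete-tree rights. FakeDirectory, LdapError and both helper functions are hypothetical names, and the DNs are constructed sample data.

```python
# Added example; FakeDirectory, LdapError and both delete helpers are hypothetical names.
TREE_DELETE_OID = "1.2.840.113556.1.4.805"  # LDAP_SERVER_TREE_DELETE (OID from the thread)
UNAVAILABLE_CRITICAL_EXTENSION, INSUFFICIENT_ACCESS, NOT_ALLOWED_ON_NON_LEAF = 12, 50, 66
class LdapError(Exception):
    """Raised with the LDAP result code as args[0]."""

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection (simple DNs only)."""
    def __init__(self, entries, supported_controls, deny_tree_delete=False):
        self.entries = set(entries)
        self.supported_controls = set(supported_controls)  # as read from RootDSE
        self.deny_tree_delete = deny_tree_delete  # caller lacks the delete-tree right
        self.log = []  # (dn, controls) for every successful delete

    def children(self, dn):
        suffix = "," + dn
        return sorted(e for e in self.entries
                      if e.endswith(suffix) and "," not in e[:-len(suffix)])

    def delete(self, dn, controls=()):
        if TREE_DELETE_OID in controls:
            if TREE_DELETE_OID not in self.supported_controls:
                raise LdapError(UNAVAILABLE_CRITICAL_EXTENSION)
            if self.deny_tree_delete:
                raise LdapError(INSUFFICIENT_ACCESS)
            self.entries = {e for e in self.entries
                            if e != dn and not e.endswith("," + dn)}
        elif self.children(dn):
            raise LdapError(NOT_ALLOWED_ON_NON_LEAF)
        else:
            self.entries.discard(dn)
        self.log.append((dn, tuple(controls)))

def delete_leaf_first(conn, dn):
    for child in conn.children(dn):
        delete_leaf_first(conn, child)
    conn.delete(dn)

def delete_subtree(conn, dn, tree_delete_advertised):
    """tree_delete_advertised: result of the one-time RootDSE check at connect."""
    if tree_delete_advertised:
        try:
            conn.delete(dn, controls=(TREE_DELETE_OID,))
            return "tree-delete"
        except LdapError as err:
            # Only these two codes mean "use the fallback"; anything else is a real error.
            if err.args[0] not in (UNAVAILABLE_CRITICAL_EXTENSION, INSUFFICIENT_ACCESS):
                raise
    delete_leaf_first(conn, dn)
    return "recursive"
```

The fallback issues one plain delete per entry, so each entry is still subject to its own access check on the server.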


