Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.

SMAX OPB change for LDAP compatibility without “Simple Paged Results Control”

Idea ID 2702884

SMAX OPB change for LDAP compatibility without “Simple Paged Results Control”

We are a partner involved in a big client migration to SMAX.

Some weeks ago, we found a problem with the integration with their LDAP. Their LDAP does not support “Simple Paged Results Control“.
We know, their LDAP is not in the Matrix support compatibility for SMAX, but we found a workaround that is working perfectly and SMAX works with LDAP that is not supporting “Simple Page Results Control”.

My idea is to create a configuration file in OPB, so the client can have the possibility to change the value of the parameter "1.2.840.113556.1.4.319 / pagedResultsControl" to false.

It’s only to change a specific parameter in the “OPB” (On Premise Bridge) tool, in a specific java file.
It’s a Boolean parameter. We've changed it, compiled and LDAP is working correctly.

Below, I detail the change needed:

The file `ldap-domain.jar` is the one which has to be changed:

user@machine:/opt/MicroFocus/OPB/product/domain/ldap-domain/lib# ls -lrtha ldap-domain.jar*
-rwxrwxr-x 1 root root 47K Jul 29 21:30 ldap-domain.jar.original
-rw-r--r-- 1 root root 53K Oct 15 09:30 ldap-domain.jar

The class is `AbstractLdapConnector`, in the `convertSearchRequest` method, the original line is:

pagedResultsImpl.setCritical(true);


With the value set to true, OPB marks the query extension control as critical, and the ldap says 'unavailableCriticalExtension', and the query return 0 results.

The OPB log shows:

INFO: MessageType : SEARCH_REQUEST
Message ID : -1
SearchRequest
baseDn : 'ou=users,dc=XXXXX,dc=YYYY,dc=ZZ'
filter : '(&(uid=*))'
scope : whole subtree
typesOnly : false
Size Limit : 2147483647
Time Limit : 180000
Deref Aliases : deref Always
attributes : 'uid', 'mail', 'givenName', 'cn', 'modifyTimestamp', 'createTimestamp', 'userAccountControl'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@780b5df8 Paged Search Control
oid : 1.2.840.113556.1.4.319
critical : true
size : '1000'
cookie : ''

We can change the behaviour of the query modifying the line (obviously we've to compile and replace the jar file):

pagedResultsImpl.setCritical(false);

And now it works with their LDAP product and SMAX:

Message ID : -1
SearchRequest
baseDn : 'ou=users,dc=XXXX,dc=YYY,dc=ZZ'
filter : '(uid=*)'
scope : whole subtree
typesOnly : false
Size Limit : 2147483647
Time Limit : 180000
Deref Aliases : deref Always
attributes : 'uid', 'mail', 'givenName', 'cn', 'modifyTimestamp', 'createTimestamp', 'userAccountControl'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@10f48dc9 Paged Search Control
oid : 1.2.840.113556.1.4.319
critical : false
size : '1000'
cookie : ''

 

INFO: LdapSyncTask: Get data from ldap cost 17342ms. Config page size:1000. Config bulk size:1000. Actual bulk size:60. Rest Records size:785

Now the OPB gives the data to SMAX in 60 portions of 1000 users (almost 60.000 users).

With a little more coding, we can add this parameter to be read in execution time in the `ldap.conf` file, modifying the `LdapConfigurationFacade.java`.

Kind Regards.

 

3 Comments
Micro Focus Expert
Micro Focus Expert

if we extend the LDAP supported with this new capability, it could be useful to update the Support Matrix.

Micro Focus Expert
Micro Focus Expert

this is a good Idea for supporting more LDAP integrations and the change is very simple in the OPB.

 

 

Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
Status changed to: Waiting for Votes

Thank you for sharing your idea! It’s open for comments and kudos, and we’re looking forward to input from the community. Once there is enough community traction, it will be further reviewed by the product team.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.