Nick Dakoronias
Hello Forum users,
We have a bank customer using an OEM FileNet (Workflow) application performing
LDAP queries in Win2k AD schema to retrieve the list of Domain Controllers.
The user authentication for the OEM application (FileNet) is actually carried
out via "Process Engine" and an LDAP query similar to:
ldapsearch -h 172.25.50.165 -d1 -b "cn=System,dc=s1p8,dc=bpm" \
    -D "cn=PEAdmin,cn=Users,dc=s1p8,dc=bpm" -w filenet -s sub \
    "objectClass=trustedDomain" > ldapsearchClass.txt
My question actually refers to the sorting/indexing/filtering capabilities of
LDAP query results. The target is to find a way to filter/index/sort these
results, in terms of changing the order of found items (DCs) in the list.
For instance, it would be preferable for the query to give as a result only
domain controllers from the root domain and afterwards from the child. Such
manipulation could prevent failed authentications for registered users due
to -planned or accidental- changes in DC within AD Schema.
According to the MSDN technical article at
http://msdn2.microsoft.com/en-us/library/aa366990.aspx, the usage of the
LDAP_SERVER_SORT_OID control within an extended LDAP search function could
assist in terms of instructing the server to sort the search results (i.e.
list of Domain Controllers) before returning them to the client application.
I assume this control flag should be integrated within the OEM application code
by the application vendor, but there is not much information &
documentation about how to do that.
Is there another way to change the order of DCs (Domain Controllers) in the
LDAP query results list? How could this be integrated into the application
(FileNet) code?
-----------------------------------------------------------------------------------
P.S:
At this point, I can recall some basic index filters in LDAP server, as
listed in RFC 2254 at http://www.rfc-editor.org/rfc/rfc2254.txt such
as: index default eq index cn eq,sub index sn eq,sub,approx index
uidNumber, but I am wondering if they could be used at all...
Any advice will be much appreciated.
Regards, Nick.
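
As an added illustration (not part of the post above and not FileNet or Microsoft code): the sketch below encodes the request value a client attaches alongside LDAP_SERVER_SORT_OID, following the RFC 2891 SortKeyList layout, and shows a client-side fallback that lists root-domain entries before child-domain ones when the application cannot send controls. The function names and the sample DNs are constructed for this example; only dc=s1p8,dc=bpm comes from the post.

```python
import re

# LDAP_SERVER_SORT_OID, the control named in the post (also the RFC 2891 request OID).
SORT_REQUEST_OID = "1.2.840.113556.1.4.473"

def _tlv(tag, value):
    """BER tag-length-value with definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def sort_control_value(keys):
    """Encode the RFC 2891 SortKeyList for [(attribute, reverse), ...]."""
    items = b""
    for attr, reverse in keys:
        body = _tlv(0x04, attr.encode("ascii"))      # attributeType OCTET STRING
        if reverse:
            body += _tlv(0x81, b"\xff")              # reverseOrder [1] BOOLEAN TRUE
        items += _tlv(0x30, body)
    return _tlv(0x30, items)

def domain_of(dn):
    """Lower-cased DC components of a DN, split on unescaped commas only."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    return tuple(r[3:].lower() for r in rdns if r.lower().startswith("dc="))

def order_root_first(dns, root_dn):
    """Client-side fallback: root-domain entries first, then deeper child domains."""
    root = domain_of(root_dn)
    def key(dn):
        dom = domain_of(dn)
        outside = dom[-len(root):] != root           # entries outside the forest root go last
        return (outside, len(dom), dom, dn.lower())
    return sorted(dns, key=key)

# Constructed sample DNs; only dc=s1p8,dc=bpm comes from the post.
SAMPLE = [
    "CN=DC03,OU=Domain Controllers,DC=child,DC=s1p8,DC=bpm",
    "CN=DC02,OU=Domain Controllers,DC=s1p8,DC=bpm",
    "CN=DC01,OU=Domain Controllers,DC=s1p8,DC=bpm",
]

if __name__ == "__main__":
    print(SORT_REQUEST_OID, sort_control_value([("cn", False)]).hex())
    for dn in order_root_first(SAMPLE, "dc=s1p8,dc=bpm"):
        print(dn)
```

The server-side control sorts by attribute value only, so the root-before-child grouping is done on the client here.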