As mentioned in the comment to the release blog entry, the newest released version of AdFind has an issue with LDAP directories that don’t return the supportedControl attribute by default in the standard RootDSE retrieval. If you only use AdFind for Active Directory or ADAM/ADLDS, that is not an issue for you. If you use it to query say OpenLDAP, then that is a problem. Apologies as I don’t do any official testing against the non-MSFT directories though likely I may take up testing against OpenLDAP in the near future since it is freely available and pretty common.
I have a new beta that I am testing now that corrects the issue as well as an additional switch to bypass the check in case there is some other issue that crops up such as a directory that supports paging but doesn’t list it as a supported control. Also since I was looking at the OpenLDAP RootDSE I spent some time to add some decodes for the controls/features/extension OIDs of the OpenLDAP RootDSE. I was trying to work out how to determine the OpenLDAP version from the rootdse but don’t see it right off so likely won’t get that in there. However the directory type will say OpenLDAP now when you query an OpenLDAP directory. For example:
G:\Temp>adfind -hh ldap.testathon.net -rootdseanon
AdFind V01.44.00cpp Joe Richards (joe@joeware.net) February 2011
Using server: ldap.testathon.net:389
Directory: OpenLDAPdn:
>objectClass: top
>objectClass: OpenLDAProotDSE
Like it does for Windows Directories
G:\Temp>adfind -hh . -rootdse
AdFind V01.44.00cpp Joe Richards (joe@joeware.net) February 2011
Using server: SFMWIN764.test.loc:389
Directory: Windows Server 2008 R2 Active Directory Application Modedn:
If you want some more coverage in AdFind/AdMod for other non-MSFT directories, let me know. I don’t guarantee anything but I can give it a shot by at least adding the requests to the DCR lists. At a minimum the directory needs to be LDAPv3 and support paging. If you want me to have AdFind identify the directory type, supply the full output of the rootdse so that I can see if there is an identifier to display the proper string. For example, with Windows directories, I parse the supportedCapabilities attribute, for OpenLDAP I used the structuralObjectClass attribute.
Also if you know of any publicly available instances of a given directory type to test against, please let me know. I found a public instance of OpenLDAP at http://blog.stuartlewis.com/2008/07/07/test-ldap-service/, OpenLDAP allegedly has one also at ldap.openldap.org but that doesn’t work for me. I get Server Down both from Wide Open West cable and Comcast cable internet systems.
joe
