[Engine-devel] Adding support for OpenLDAP to oVirt

Tue Mar 26 12:10:46 UTC 2013

Hallo together,

adding support for OpenLDAP has been working fine so far, but before bringing it to the review process, I would like to discuss the following issue. When querying the RootDSE most of the attributes are defined as operational attributes, and standard says, those must be requested explicitly. Among them is namingContexts, which for OpenLDAP, has to be requested. Therefore I had to change the searchControl and define the attributes to return. This could be affecting other directory servers. So far the test classes have run fine, and I could successfully test adding and authenticating against ActiveDirectory and IPA. RHDS and ITDS have not been tested. So the question is, could the following patch break something?

diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java
index 01294c6..60033ff 100644
--- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java
+++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/ldap/RootDSEQueryInfo.java
@@ -21,8 +21,10 @@ public class RootDSEQueryInfo {
      * @return
      */
     public static SearchControls createSearchControls() {
+        String[] returnAttributes = {NAMING_CONTEXTS_RESULT_ATTRIBUTE, DEFAULT_NAMING_CONTEXT_RESULT_ATTRIBUTE};
         SearchControls searchControls = new SearchControls();
         searchControls.setSearchScope(SearchControls.OBJECT_SCOPE);
+        searchControls.setReturningAttributes(returnAttributes);
         // Added this in order to prevent a warning saying: "the returning obj flag wasn't set, setting it to true"
         searchControls.setReturningObjFlag(true);
         return searchControls;


