Knock, knock! Who's there?

Dealing with OS and Identity

Dealing with OpenLDAP XMA 1.1: Undocumented Parameters

Dealing with OpenLDAP XMA 1.1: Undocumented Parameters

  • Comments 1
  • Likes

Along with the parameters available in the Configuration Guide, there are a few that are not documented but can be kind of useful:

  • excludedTypes. Object types separated by comma. Provides a way to filter out certain object types in LDAP searches. This typically helps solving duplicated objects in DSML import file.
  • storedChangeNumberOverride. You can put a number that matches the lastChangeNumber you are interested in. Makes the XMA try to use an override for 'lastChangeNumber' when using changelog. This can be used for troubleshooting to roll through changes again.
  • deltaAttributeFormat. The default format for the deltaAttribute parameter is a string that represents a timestamp in "yyyyMMddHHmmss" format. The deltaAttributeFormat custom parameter allows to override this format when the XMA uses System.DateTime.TryParseExact() to build watermarks.
  • ocFilter-<object type>. Allows to define fine grain filters for the object types you get in your import file. Multiple filters can be defined for a single object type by separating LDAP filters with "~". For example:
    • If you want only inetOrgPerson objects wich shoeSize attribute is between 35 and 40, and those that have 42, you can define the following custom parameter:
      ocFilter-inetOrgPerson = (&(shoeSize>=35)(shoeSize<=40))~(shoeSize=42)

      This parameter will produce two searches indeed: 
      (&(objectclass=inetOrgPerson)(&(shoeSize>=35)(shoeSize<=40))) and
      (&(objectclass=inetOrgPerson)(shoeSize=42))

      This is the code snippet that builds the searchFilters when processing the ocFilter-* parameters (put into m_SearchFilters[] array):

    • image

       

      Edit:

      Recently I have found some quirks in the filtering feature.

      For some reason, the following query returns invalid filter error to retrieve "accountStatus value is present but not equals XX":

       

      (&(!(accountStatus=XX))(!(accountStatus=)))

       

      So you have to specify the most simple form :):

       

      (&(!(accountStatus=XX))(accountStatus=*))

       

       

       

Comments
  • After a few modification i got this to work with a very large eDirectory Tree.

    Also, There are more hidden parameters :)

    skipDeltaImportDeletedEntry

    trawlingNamingAttributes

    clientCertificate

    clientCertificatePassword

    I used the skipDeltaImportDeletedEntry to do delta imports faster and process deletes from attributes we already use for terminates :)

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment