From research I've done, it appears I need to send a special OID with the request (1.2.840.113556.1.4.417) in order to access the Deleted Objects container.
I couldn't find a way to send a specific control with a request using the "net-ldap" gem. Does anyone know if this is possible?
There is another gem, ruby-ldap, which appears to be more flexible, and it seems I can send controls with the request (e.g. using the search_ext2() method).
However, no matter what I try, I am not getting any objects back, even though I know they haven't been garbage collected yet.
I'm including the filter "isDeleted=TRUE" with the requests as well.

OK, I figured it out. One needs to use the ruby-ldap gem. The reason the controls were not being sent is because the LDAP protocol version (LDAP::LDAP_OPT_PROTOCOL_VERSION) had defaulted to v2, and apparently it must be v3.
The following snippet works:

    require 'ldap'

    conn = LDAP::Conn.new('yourserver.example.com', 389)
    # Controls are only sent when the connection uses LDAPv3.
    conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
    conn.bind("CN=Administrator,CN=Users,DC=example,DC=com", "sekritpass")

    # controlType: 1.2.840.113556.1.4.417 (LDAP_SERVER_SHOW_DELETED_OID)
    control = LDAP::Control.new('1.2.840.113556.1.4.417')
    conn.search_ext2('CN=Deleted Objects,DC=example,DC=com', LDAP::LDAP_SCOPE_SUBTREE, "(isDeleted=*)", nil, false, [control], nil)

The filter (isDeleted=*) isn't required; you can also use (objectClass=*). You can also use the scope LDAP::LDAP_SCOPE_ONELEVEL if desired.
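
To check in a packet capture whether the control actually left the client, it helps to know where it sits in the message: LDAPv3 (RFC 4511) appends an optional `[0]` controls field to each LDAPMessage, and LDAPv2 messages have no such field. The following is an added example, not code from the original post: it hand-encodes a SearchRequest with and without the Show Deleted control and reads the control OIDs back. The helper names (`ber`, `tlvs`, `search_message`, `control_oids`) are illustrative and the message bytes are constructed, not captured.

```ruby
# Added example, not code from the original post. Hand-rolled BER for the
# LDAPv3 message layout in RFC 4511; helper names are made up for illustration.
SHOW_DELETED_OID = '1.2.840.113556.1.4.417' # OID quoted in the post

# Encode one BER tag-length-value with a definite length (short or long form).
def ber(tag, content)
  len = content.bytesize
  digits = len.digits(256).reverse
  length = len < 0x80 ? [len] : [0x80 | digits.size, *digits]
  ([tag] + length).pack('C*') + content.b
end

# Split a byte string into [tag, value] pairs (single-byte tags, definite lengths).
def tlvs(bytes)
  out, pos = [], 0
  while pos < bytes.bytesize
    tag, len = bytes.getbyte(pos), bytes.getbyte(pos + 1)
    pos += 2
    if len >= 0x80
      n = len & 0x7f
      len = bytes.byteslice(pos, n).bytes.inject(0) { |a, b| (a << 8) | b }
      pos += n
    end
    out << [tag, bytes.byteslice(pos, len)]
    pos += len
  end
  out
end

# Build a SearchRequest LDAPMessage for (isDeleted=*); msg_id must be below 128.
def search_message(msg_id, base, oids = [])
  op = ber(0x63, ber(0x04, base) +   # [APPLICATION 3] SearchRequest, baseObject
           ber(0x0a, "\x02") +       # scope: wholeSubtree
           ber(0x0a, "\x00") +       # derefAliases: neverDerefAliases
           ber(0x02, "\x00") * 2 +   # sizeLimit and timeLimit: 0
           ber(0x01, "\x00") +       # typesOnly: FALSE
           ber(0x87, 'isDeleted') +  # filter: present [7]
           ber(0x30, ''))            # attributes: empty list (all)
  ctrls = oids.map { |oid| ber(0x30, ber(0x04, oid)) }.join # Control ::= SEQUENCE { controlType }
  ber(0x30, ber(0x02, [msg_id].pack('C')) + op + (oids.empty? ? ''.b : ber(0xa0, ctrls)))
end

# Return the control OIDs carried in an encoded LDAPMessage ([] if none).
def control_oids(message)
  _, body = tlvs(message.b).first
  field = tlvs(body).find { |tag, _| tag == 0xa0 }
  field ? tlvs(field[1]).map { |_, ctrl| tlvs(ctrl).first[1] } : []
end
```

A search captured from a working client should yield the OID from `control_oids`; an empty list means the request went out without the control, which matches the symptom described in the question.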