Added logic to return LdapResultCode::NoSuchObject (error 32) when a base scope
search returns no results, instead of returning Success with zero entries. This
aligns with RFC 4511 LDAP specification.
When querying for pwdChangedTime, the timestamp is returned in RFC3339 format instead of the expected LDAP GeneralizedTime format (YYYYMMDDHHMMSSZ). This causes issues when LLDAP is used with systems like Keycloak that expect proper LDAP timestamp formatting.
By making it a &'static, we can have a single allocation for all the threads/async contexts.
This also normalizes the whitespace from the user input; a trailing \n can cause weird issues with clients
Add a modifyTimestamp attribute to LDAP entries for users and groups, and expose pwdChangedTime for users.
These attributes let clients track when an entry (or its password) was last changed.
- modifyTimestamp is a server-maintained attribute that updates on any write to user or group entries, including membership changes (on the group side).
- pwdChangedTime is set when a user’s password is created or changed.
Add a subschema entry to the rootDSE, which shows all attributes and
objectclasses present on the LLDAP server, which is needed for some
applications that need to index the LDAP server. The current
implementation's goal is to have a bare minimum working subschema which
follows the LDAP RFC. It also updates the GraphQL interface to follow
the changes that have been made in actually separating out
objectclasses, instead of having them as an attribute.
Co-authored-by: nitnelave <valentin@tolmer.fr>
copilot-swe-agent[bot]