LDAP Sort with ordering rule fails

Question

I am trying to make an ldap query against AD LDS to get users sorted on the cn attribute. The sort ordering rule should not be the default English, but it should order according to Swedish. I am doing this with System.DirectoryServices.Protocols API in .Net.

To reproduce I have installed an AD LDS instance listening on port 389, and installed user object class.

The following code is used (base is copied from Performing a Simple Search ). Ordering rule has been taken from here.

public class LdapSorter
{

    public void SearchUsersSorted()
    {
        string hostOrDomainName = "localhost";
        string targetOu = "cn=Test";

        // create a search filter to find all objects
        string ldapSearchFilter = "(objectClass=user)";

        // establish a connection to the directory
        LdapConnection connection = new LdapConnection(hostOrDomainName);
        connection.SessionOptions.ProtocolVersion = 3;

        Console.WriteLine("\r\nPerforming a simple search ...");

        try
        {
            SearchRequest searchRequest = new SearchRequest
                                            (targetOu,
                                              ldapSearchFilter,
                                              SearchScope.OneLevel,
                                              null);

            searchRequest.Controls.Add(new SortRequestControl("cn", "1.2.840.113556.1.4.1594", false));
            //searchRequest.Controls.Add(new SortRequestControl("cn", false));
            //searchRequest.Controls.Add(new SortRequestControl("cn", true));

            // cast the returned directory response as a SearchResponse object
            SearchResponse searchResponse =
                        (SearchResponse)connection.SendRequest(searchRequest);

            Console.WriteLine("\r\nSearch Response Entries:{0}",
                        searchResponse.Entries.Count);

            // enumerate the entries in the search response
            foreach (SearchResultEntry entry in searchResponse.Entries)
            {
                Console.WriteLine("{0}:{1}",
                    searchResponse.Entries.IndexOf(entry),
                    entry.DistinguishedName);
            }
        }
        catch (DirectoryOperationException e)
        {
            Console.WriteLine("\nUnexpected exception occured:\n\t{0}\n{1}",
                              e, e.Response.ErrorMessage);
            var control = e.Response.Controls.First(c => c is SortResponseControl) as SortResponseControl;
            if (control != null)
            {
                Console.WriteLine("\nControl result: " + control.Result);
            }
        }
    }
}

This is the output:

Performing a simple search ...

Unexpected exception occured:
    System.DirectoryServices.Protocols.DirectoryOperationException: The server does not support the control. The control is critical.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at Sort.LdapSorter.SearchUsersSorted() in C:\Source\slask\DotNetSlask\Sort\LdapSorter.cs:line 41
00000057: LdapErr: DSID-0C090A3D, comment: Error processing control, data 0, v3839

Control result: InappropriateMatching

If using one of the two sort request controls that are commented out instead, then it works, but with English sort order.

Answer 1

So, I have 2 main guesses as to what it could be. First, (looks like you already have some of this) take a look at this post.

How to resolve "The server does not support the control. The control is critical." Active Directory error

Might want to try the auth part and see if it changes anything for you.

Second, the OID you are using for sorting is for Swedish (might be intentional), but it's possible the server can't sort in Swedish w/o the Swedish language pack (or something to that effect). You can try the "English (United States)" option (1.2.840.113556.1.4.1499) and see if that gives you a different result.

EDIT: Nevermind, I guess I missed the last sentence of your post :) I assume you are connecting to a Windows Server to run these LDAP queries? If so, my guess would be the server not having the Swedish language pack installed, but I don't have experience with LDAP and foreign languages, so no guarantees that will fix it.