
(ITS#6662) ldapsearch with slapd-ndb only works when filter is a substring



Full_Name: George Tzanetis
Version: 2.4.23 stable
OS: Red Hat Enterprise 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.169.213.126)


It seems that when using slapd-ndb, the filters in ldapsearches only work if they
are substrings, i.e. *text or text* or te*xt, for attributes that are not defined
as indices. If the attribute is defined as an index then the substring filter
does not work, as indicated in the manual.

The slapd.conf is as follows:

pidfile         /usr/local/openldap/var/run/slapd.pid
argsfile        /usr/local/openldap/var/run/slapd.args

#######################################################################
# NDB database definitions
#######################################################################
#NDB database definitions
database ndb
suffix "dc=example,dc=gr"
rootdn "cn=root,dc=example,dc=gr"
rootpw secret
dbconnect 192.168.6.11
dbhost 192.168.6.12
dbport 3306
dbname openldap
dbuser ldapUser
dbpass "1234"
dbconnections 3
dbsocket /tmp/mysql.sock

attrblob description
index uid

#######################################################################
# Monitor Database definitions
#######################################################################
database monitor

loglevel 5

The ldif of an ou:

version: 1
dn: ou=test,dc=example,dc=gr
objectClass: top
objectClass: organizationalUnit
ou: test

dn: uid=user1,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user1
gidNumber: -1
givenName: user1
homeDirectory: *
sn: user1
uid: user1
uidNumber: -1
userPassword:: 1234

dn: uid=user2,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user2
gidNumber: -1
givenName: user2
homeDirectory: *
sn: user2
uid: user2
uidNumber: -1
userPassword:: 1234

dn: uid=user3,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user3
gidNumber: -1
givenName: user3
homeDirectory: *
sn: user3
uid: user3
uidNumber: -1
userPassword:: 1234

dn: uid=user4,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user4
gidNumber: -1
givenName: user4
homeDirectory: *
sn: user4
uid: user4
uidNumber: -1
userPassword:: 1234


The ldapsearch queries:

- Search with a specific cn inside the ou:
---------------------------------------------------------------------
ldapsearch -h 192.168.132.177 -b 'ou=test,dc=example,dc=gr' -D
"cn=root,dc=example,dc=gr"  -L -w 'secret' "cn=user1"
version: 1

#
# LDAPv3
# base <ou=test,dc=example,dc=gr> with scope subtree
# filter: cn=user1
# requesting: ALL
#

# search result

# numResponses: 1
---------------------------------------------------------------------

No result.

But if we search the cn as a substring:

---------------------------------------------------------------------
ldapsearch -h 192.168.132.177 -b 'ou=test,dc=example,dc=gr' -D
"cn=root,dc=example,dc=gr"  -L -w 'secret1' "cn=user1*"
version: 1

#
# LDAPv3
# base <ou=test,dc=example,dc=gr> with scope subtree
# filter: cn=user1*
# requesting: ALL
#

# user1@test, test, example.gr
dn: uid=user1@test,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword:: 1234
sn: user1
cn: user1
uid: user1@test
givenName: user1
uidNumber: -1
gidNumber: -1
homeDirectory: *

# search result

# numResponses: 2
# numEntries: 1
---------------------------------------------------------------------

Any substring will give a result, i.e. cn=*user1, cn=user1*, cn=us*er1, etc.

If we search for cn=user*, it will display all entries of the ou as expected.

The same behavior exists if we filter using any other attribute with the
exception of the objectClass attribute, or with the uid attribute which is
indexed.

Is this normal?

Thank you,

George