[Date Prev][Date Next] [Chronological] [Thread] [Top]

Difficulty searching by groupOfNames member

To: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
Subject: Difficulty searching by groupOfNames member
From: Kristin Engstrom <Kristin.Engstrom@netiq.com>
Date: Thu, 25 Jul 2002 16:09:09 -0700
Deferred-delivery: Thu, 25 Jul 2002 16:00:00 -0700

I'm having some difficulty searching by groupOfNames.member.  What's
particularly frustrating is that a few weeks ago I was able to make this
work.  (I was just learning LDAP back then and was having enough trouble
with the syntax that I literally created a text file named "Simple LDAP
commands that work.txt" and stored working command in it.)

Here's what I believe are the relevant pieces:

slapd.conf:
===========
...
access to * by * write
...
rootdn		"cn=Manager,dc=netiq,dc=com"
rootpw		secret
...
index default pres,eq
index objectClass,uid
index member pres,eq
index cn,sn pres,eq,sub

directory entry (one among many):
=================================
...
# Some_CustomerN_Users, groups, CustomerN, netiq, com
dn: cn=Some_CustomerN_Users, ou=groups, o=CustomerN, dc=netiq, dc=com
objectClass: top
objectClass: groupOfNames
cn: Some_CustomerN_Users
member: cn=Jessica Coffin, ou=people, o=CustomerN, dc=netiq, dc=com
member: cn=Jeremiah Coffin, ou=people, o=CustomerN, dc=netiq, dc=com
member: cn=Rosemary Fischer, ou=people, o=CustomerN, dc=netiq, dc=com
businessCategory: None
description: Some users in CustomerN
...

command:
========
ldapsearch -x -b "dc=netiq,dc=com" -D "cn=Manager,dc=netiq,dc=com" -w secret
"(&(objectclass=groupOfNames)(member=cn=Rosemary Fischer, ou=people,
o=CustomerN, dc=netiq,  dc=com))"


I know the entry is in the directory because it shows up when I use the
following command:  
ldapsearch -x -b "dc=netiq,dc=com" -D "cn=Manager,dc=netiq,dc=com" -w secret
"(objectclass=groupOfNames)"

Since the time when my member search command worked, I've played around with
different  indexing schemes and done some load testing.  Now, I'm back to a
small test directory, though, and have made sure my indexes are up to date
(by using slapindex or loading using ldapadd).  Nevertheless, I've devoted
almost two days to getting my search by member to work again and am now at a
total loss.  Should I not be looking at access and index configuration
settings?  What could  possibly have changed such that I am no longer able
to search by group member?

Any tips would be greatly appreciated.

Kristin

Follow-Ups:
- Re: Difficulty searching by groupOfNames member
  - From: Bruno Eteve <bruno.eteve@atempo.com>

Prev by Date: RE: (fixed) Re: nss not resolving group id's
Next by Date: Changing Passwords over the web
Index(es):
- Chronological
- Thread