[Date Prev][Date Next] [Chronological] [Thread] [Top]

No Results from Ldapsearch

To: openldap-software@openldap.org
Subject: No Results from Ldapsearch
From: The Hwyman <the_hwyman@yahoo.com>
Date: Sun, 11 May 2008 13:52:45 -0700 (PDT)

I'm running Red Hat Enterprise 5 (x86_64) and Openldap version 2.3.27
from official rpms. I have installed openldap, openldap-devel,
openldap-clients, and openldap-servers.

The following command:

ldapsearch -x -b "dc=example,dc=com" '(uid=jsmith)'

produces the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
--

If I specify the jsmith user (or any other user) using -D -W, I get the
same results.  If I specify the rootdn user:

ldapsearch -x -D "cn=manager,dc=example,dc=com" -W -b
"dc=example,dc=com" '(uid=jsmith)'

I get the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#

# jsmith, users, example.com
dn: uid=jsmith,ou=users,dc=example,dc=com
uid: jsmith
cn: jsmith
homeDirectory: /home/jsmith
uidNumber: xxx
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
gidNumber: xxx
gecos: John Smith
sn: Smith
shadowLastChange: xxx
userPassword:: xxx
loginShell: /sbin/nologin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
--

The problem is that I have not disabled annonymous or user access other
than to set ACLs for the userPassword field.  The user jsmith can't
even do a search on himself.  

I've tried slapacl and confirmed that annonymous as well as the jsmith
user can read the uid field.  I even tried reindexing using slapindex,
but that didn't work either.

Here is my slapd.conf:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/qmail.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
rootpw          xxx
access to attrs=userPassword
  by anonymous  auth
  by self       write
  by *          none
access to attrs=uid
  by *          read
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

Am I missing something??

Thanks!

Follow-Ups:
- Re: No Results from Ldapsearch
  - From: "Chris G. Sellers" <chris.sellers@nitle.org>
- Re: No Results from Ldapsearch
  - From: Ryan Steele <rsteele@archer-group.com>

Prev by Date: use of slappasswd -T file and ldappasswd -T file
Next by Date: openldap linking attributes support
Index(es):
- Chronological
- Thread