Full_Name: Evaristo Camarero Version: 2.4.13 OS: SuSe 10 SP1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (83.32.53.80) The issue is related with indexes support in the back-ndb that uses MySQL Cluster NDB backend. The problem happens when you define more than one index in the slapd.conf, and you try a search operation using a filter that does not contain the first define index. This my config in slapd.conf for the back-ndb ######################################################## # NDB ######################################################### database ndb suffix dc=example,dc=com rootdn cn=Manager,dc=example,dc=com rootpw secret dbname OpenLDAP dbuser root dbpass whatever # MySQL Server dbhost localhost # NDB management host dbconnect localhost # Number of API connections in the NDB cluster dbconnections 5 dbsocket /tmp/mysql.sock index cn index sn I have loaded the following LDIF file in the server: # root dn: dc=example,dc=com objectClass: organization objectClass: dcObject o: Example, Inc. dc: example # people dn: ou=People,dc=example,dc=com objectClass: organizationalUnit ou: People # company-wide address book dn: ou=Address Book,dc=example,dc=com objectClass: organizationalUnit ou: Address Book # entry in company-wide address book dn: cn=Rosco P. Coltrane,ou=Address Book,dc=example,dc=com objectClass: inetOrgPerson cn: Rosco P. Coltrane sn: Coltrane mail: rpc@example.com # address book administrator dn: cn=Admin,ou=People,dc=example,dc=com objectClass: inetOrgPerson cn: Admin sn: Admin userPassword: admin # person dn: cn=Flash Gordon,ou=People,dc=example,dc=com objectClass: inetOrgPerson cn: Flash Gordon sn: Gordon mail: fg@example.com userPassword: secret # person's personal address book dn: ou=Address Book,cn=Flash Gordon,ou=People,dc=example,dc=com objectClass: organizationalUnit ou: Address Book # another person dn: cn=Clark Kent,ou=People,dc=example,dc=com objectClass: inetOrgPerson cn: Clark Kent sn: Kent mail: ck@example.com userPassword: secret # another person's personal address book dn: ou=Address Book,cn=Clark Kent,ou=People,dc=example,dc=com objectClass: organizationalUnit ou: Address Book # entry in another person's personal address book dn: cn=Mickey Mouse,ou=Address Book,cn=Clark Kent,ou=People,dc=example,dc=com objectClass: inetOrgPerson cn: Mickey Mouse sn: Mouse mail: mickey.mouse@example.com # one more person, yet without personal address book dn: cn=Donald Duck,ou=People,dc=example,dc=com objectClass: inetOrgPerson cn: Donald Duck sn: Duck mail: dd@example.com userPassword: secret Using the first defined index (cn), works fine: ldapsearch -x -h localhost -p 20389 -b "dc=example,dc=com" 'cn=Clark Kent' # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: cn=Clark Kent # requesting: ALL # # Clark Kent, People, example.com dn: cn=Clark Kent,ou=People,dc=example,dc=com objectClass: inetOrgPerson userPassword:: c2VjcmV0 sn: Kent cn: Clark Kent mail: ck@example.com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 But using the second defined index, does not work: ldapsearch -x -h localhost -p 20389 -b "dc=example,dc=com" 'sn=Kent' # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: sn=Kent # requesting: ALL # # search result search: 2 result: 0 Success # numResponses: 1 Tell me if you need more details. Thanks in advance
This is a known limitation in the current version of back-ndb. (See this message for further details http://www.openldap.org/lists/openldap-devel/200810/msg00094.html ) Note that back-ndb is marked "Experimental". You should not use it unless you're prepared to write fixes for it.
changed state Open to Suspended
moved from Incoming to Development