[Date Prev][Date Next] [Chronological] [Thread] [Top]

problems search LDAP starting from Netscape Enterprise server


I use servers W3 Netscape Enterprise V3.61. I give the access permission to certain repertories (ACL) via LDAP. 

I encounter problems with OpenLDAP when I pose a ACL on a group. 

For example, I authorize a group to access with a repertory of my site W3. This fail with the server OpenLDAP, but works with another server LDAP. 

Here technical information: 

1) the account and the group of test: 

dn: uid=bond007, dc=univ-nancy2,dc=fr
uid: bond007
userpassword: {crypt}XXXXXXX
givenname: BOND
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: James
cn: James BOND

dn: cn=grptest,dc=univ-nancy2,dc=fr
objectclass: top
objectclass: groupOfUniqueNames
cn: grptest
uniquemember: uid=bond007,dc=univ-nancy2,dc=fr

2) the OpenLDAP logs when the user bond007 attemps to acces to resource W3: 

conn=0 fd=5 connection from toto.univ-nancy2.fr ( accepted.
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT err=0 tag=97 nentries=0
conn=0 op=1 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(uid=BOND007)"
conn=0 op=1 RESULT err=0 tag=101 nentries=1
conn=0 op=2 BIND dn="UID=BOND007,DC=UNIV-NANCY2,DC=FR" method=128
conn=0 op=2 RESULT err=0 tag=97 nentries=0
conn=0 op=3 BIND dn="" method=128
conn=0 op=3 RESULT err=0 tag=97 nentries=0
conn=0 op=4 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007, DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=0 op=4 RESULT err=0 tag=101 nentries=0

It is noted that nentries=0, therefore that OpenLDAP does not find a user bond007 to be a member of
a group LDAP (objectclass GroupOfUniqueNames or GroupOfNames). 

3) I launch the same request with ldapsearch, and nentries=1: 

conn=1 fd=11 connection from etudiant.univ-nancy2.fr ( accepted.
conn=1 op=0 BIND dn="" method=128
conn=1 op=0 RESULT err=0 tag=97 nentries=0
conn=1 op=1 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007,DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=1 op=1 RESULT err=0 tag=101 nentries=1
conn=1 op=2 UNBIND
conn=1 op=2 fd=11 closed errno=0

Here the launched requete: 

SCOPE=sub   # base,one,sub
$BIN/ldapsearch -D "$USER" -w "$PASS" -h $HOST -p $PORT -s $SCOPE -b "$SEARCHBASE" $FILTER $ATTRIB

I do not see where is the difference, and why OpenLDAP does not find the user in the first case. I tested tiny / capital, without seeing difference. 

An idea? 

Thank you 
Vincent MATHIEU			
CRI - Universite NANCY 2              | Email : Vincent.Mathieu@univ-nancy2.fr
Pole Lorrain de Gestion                 | Tel   : (33)
13, Rue Michel Ney - C.O. 75        | Fax   : (33)