[Date Prev][Date Next] [Chronological] [Thread] [Top]

filter on objectclass (ITS#1556)

To: openldap-its@OpenLDAP.org
Subject: filter on objectclass (ITS#1556)
From: Kris_Shannon@bigfoot.com
Date: Fri, 25 Jan 2002 00:25:10 GMT

Full_Name: Kris Shannon
Version: 2.0.14
OS: linux (debian woody)
URL: 
Submission from: (NULL) (203.164.90.15)


ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub
'(&(objectclass=posixAccount)(uid=test))'

returns no entries.

ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub '(uid=test)'

returns the entry:

dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: Test User
sn: Test User
mail: test@example.com
mailRoutingAddress: test@mail.example.com
mailHost: mail.example.com
objectClass: mailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
shadowLastChange: 11684
shadowMax: 99999
shadowWarning: 7
krbName: test@EXAMPLE.COM
loginShell: /bin/bash
uidNumber: 1234
gidNumber: 1234
homeDirectory: /home/test
gecos: test,,,


With all debugging turned on, slapd indicates that the objectClass equality
check returns -1 (which I think means undefined) while the uid equality
check returns 6 (TRUE).
There is no problem with access to either of the attributes (verified from
the debug log as well as the fact that the second search returns both of
them)

The first search is essentially what the libnss-ldap library uses to look
up a user name so this problem prevents moving the user database to ldap :(

-- 
Kris Shannon <Kris_Shannon@bigfoot.com>

Prev by Date: nss_ldap feature broken by changes in tls.c (ITS#1555)
Next by Date: RE: nss_ldap feature broken by changes in tls.c (ITS#1555)
Index(es):
- Chronological
- Thread