[Date Prev][Date Next] [Chronological] [Thread] [Top]

filter on objectclass (ITS#1556)

Full_Name: Kris Shannon
Version: 2.0.14
OS: linux (debian woody)
Submission from: (NULL) (

ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub

returns no entries.

ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub '(uid=test)'

returns the entry:

dn: uid=test,ou=People,dc=example,dc=com
uid: test
cn: Test User
sn: Test User
mail: test@example.com
mailRoutingAddress: test@mail.example.com
mailHost: mail.example.com
objectClass: mailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
shadowLastChange: 11684
shadowMax: 99999
shadowWarning: 7
krbName: test@EXAMPLE.COM
loginShell: /bin/bash
uidNumber: 1234
gidNumber: 1234
homeDirectory: /home/test
gecos: test,,,

With all debugging turned on, slapd indicates that the objectClass equality
check returns -1 (which I think means undefined) while the uid equality
check returns 6 (TRUE).
There is no problem with access to either of the attributes (verified from
the debug log as well as the fact that the second search returns both of

The first search is essentially what the libnss-ldap library uses to look
up a user name so this problem prevents moving the user database to ldap :(

Kris Shannon <Kris_Shannon@bigfoot.com>