Re: How to get searches to work from root dn?

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:03 PM 9/14/99 +0300, Jukka Vaisanen wrote:
>
>I am trying to set up a LDAP server that would service our Outlook
>software with email addresses. 
>
>The problem is, I cannot seem to add nodes directly under the root in the
>slapd and a search with no base dn doesn't seem to find the nodes under
>dc=iscape,dc=fi.
>
>This works:  ldapsearch "(sn=Vai*)" -h dell -b "dc=iscape, dc=fi"
>This doesnt: ldapsearch "(sn=Vai*)" -h dell

You can set a default search base via ldap.conf(5).

>Outlook can be configured to give a search root but I'd rather not since
>some other programs (like in.xfingerd in the package) can't be configured
>for it.

Specify a search base.  Using a search base of "" makes little
sense (excepting if you are search for an LDAPv3 RootDSE).

in.xfingerd(8) should use the default search base defined
in ldap.conf(5).  If not, submit an ITS and someone will look
into it when they get a chance.  A "-b base" option should be
added, you can submit a separate ITS requesting this enhancement
if you like.  Both would be nice intro projects for developers.

>This is how I have populated the db now with ldapadd:
>
>dn: dc=iscape, dc=fi
>dc: iscape
>o: Iscape Software Ltd
>objectclass: organization
>objectclass: dcObject
>
>dn: cn=Jukka Vaisanen, dc=iscape, dc=fi
>objectClass: person
>cn: Jukka Vaisanen
>sn: Vaisanen
>title: Managing Director
>mail: jukka.vaisanen@iscape.fi
>uid: vaizki
>
>And I cannot seem to be able to add a node just for dc=fi.. How do I
>change my config/data to make searches work without a base dn?

All search operations have a base dn.  It makes little sense
(in general) to configure a database with null suffix ("") and
may not provide the results you are looking for.

I recommend you configure clients to use an appropriate
non-null search base such as "dc=iscape, dc=fi".  

Kurt