
Re: a quick question

Kurt D. Zeilenga wrote:
> At 10:47 PM 6/26/00 +0000, Terry Lambert wrote:
> >> > But when I have someone to do the same thing it
> >> > says no object found.  Do they have to do something in
> >> > order to read my stuff or did I forget to do something?
> >
> >They probably built their ldapsearch with a different
> >base DN; the base DN is compiled into the binary.
> With OpenLDAP 1.x, no base DNs are compiled into the binary.
> The user just needs to use -b baseDN or specify a default
> baseDN via ldap.conf(5).

OK; let me amend this:

They probably need to edit their ldap.conf on the remote
machine that's having the problem to match that on the
machine that's not having a problem.


> >This should really go away, and the binary should
> >determine the base DN programmatically by querying the
> >directory, since this is easy to do for both LDAPv2
> >and LDAPv3 servers.
> Actually, LDAPv2 provide any discovery mechanism.   And
> with LDAPv3, you likely would have to prompt the user to
> select one of many values of the root DSE's namingContext
> attribute (assuming it was readable)... and even then, these
> may not be the appropriate base DNs for general use.

Actually, this was the first real LDAP question that I
asked: how to get the base DN on an LDAPv2 server.  I
got this answer from Gordon Good:

| For a v2 server, you can try retrieving the entry whose
| DN is "cn=config", as follows:
| ldap_search_s( ld, "cn=config", LDAP_SCOPE_BASE,
|     "(objectclass=*)", attrs, 0, &res );
| Where "attrs" might be:
| char *attrs[] = { "database", NULL };

The UNIX command line to get the information is:

        ldapsearch -s base -b "cn=config" "(objectclass=*)"

For UMICH, you had to enable a compilation option to get the
"monitor" stuff enabled to get this.  I think it should be
"on" by default.

PS: We seem to be having a lot of people talking about LDAP
recently.  It might be worthwhile thinking about creating a
user group in the Bay area, or at least confiscating a group
meeting at BayLISA or the FreeBSD or Linux user groups one
of these days...

-- Terry Lambert
-- Whistle Communications, Inc., an I.B.M. Company
-- terry@whistle.com
This is formal notice under California Assembly Bill 1629, enacted
9/26/98 that any UCE sent to my email address will be billed $50
per incident to the legally allowed maximum of $25,000.
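
Added example (not part of the original message, and not code from either poster or from OpenLDAP): a sketch of the LDAPv3 discovery discussed in the thread, reading the root DSE's namingContexts values from LDIF text and offering a default base DN only when exactly one value is present. The sample LDIF, its DNs, and the function names are constructed for illustration.

```python
import base64

# Constructed sample (made-up DNs): LDIF for the root DSE, as returned by a
# base-scope search with an empty base DN, e.g.
#   ldapsearch -s base -b "" "(objectclass=*)" namingContexts
_B64_DN = base64.b64encode("o=Ex\u00e4mple,c=DE".encode("utf-8")).decode("ascii")
SAMPLE_ROOT_DSE = (
    "dn:\n"
    "namingContexts: dc=example,dc=com\n"
    "namingContexts: ou=People,o=A Very Long Organization Name,dc=exam\n"
    " ple,dc=org\n"                       # folded continuation line
    "namingContexts:: " + _B64_DN + "\n"  # base64 value (non-ASCII DN)
    "supportedLDAPVersion: 3\n"
)


def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def naming_contexts(ldif):
    """Return the namingContexts values of a root DSE entry, in server order."""
    found = []
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not sep or attr.lower() != "namingcontexts":
            continue
        if rest.startswith(":"):          # "attr:: value" marks base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if value:
            found.append(value)
    return found


def default_base(contexts):
    """A lone naming context can serve as a default; with none (attribute
    absent or unreadable) or several, the user still has to pick with -b."""
    return contexts[0] if len(contexts) == 1 else None
```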