[Date Prev][Date Next] [Chronological] [Thread] [Top]

Back-ldap proxy for AD filter problems



Hi

I'm using back-ldap as proxy/attribute filter for an AD

The problem comes when some clients (Windows Address Books) can find data on AD but can't find anything through OpenLDAP 2.0.25. But some others Windows Address Books can find data on both.

I putted slapd in debug mode and I find some differences:


success:

SRCH "" 0 3    100 60 0
begin get_filter
PRESENT
ber_scanf fmt (o) ber:
ber_dump: buf=0x080cd7e8 ptr=0x080cd802 end=0x080cd82c len=42
  0000:  87 0b 6f 62 6a 65 63 74  63 6c 61 73 73 30 84 00   ..objectclass0..
  0010:  00 00 17 04 15 73 75 70  70 6f 72 74 65 64 43 61   .....supportedCa
  0020:  70 61 62 69 6c 69 74 69  65 73                     pabilities
end get_filter 0
    filter: (objectClass=*)
ber_scanf fmt ({v}}) ber:
ber_dump: buf=0x080cd7e8 ptr=0x080cd80f end=0x080cd82c len=29
  0000:  30 84 00 00 00 17 04 15  73 75 70 70 6f 72 74 65   0.......supporte
  0010:  64 43 61 70 61 62 69 6c  69 74 69 65 73            dCapabilities
    attrs: supportedCapabilities
=> test_filter
    PRESENT
=> access_allowed: search access to "" "objectClass" requested
=> access_allowed: backend default search access granted to "CN=BIANQUETTI DE LAS HERAS\, JORGE,OU=USUARIOS INSTALACIONES SADIEL,OU=SADIEL,DC=SADIEL,DC=ES"
<= test_filter 6
=> send_search_entry: ""
=> access_allowed: read access to "" "entry" requested
=> access_allowed: backend default read access granted to "CN=BIANQUETTI DE LAS HERAS\, JORGE,OU=USUARIOS INSTALACIONES SADIEL,OU=SADIEL,DC=SADIEL,DC=ES"

Failed:

There's nothing like this.

Success:

  INITIAL
end get_substring_filter
end get_filter 0
begin get_filter
OR
begin get_filter_list
begin get_filter
SUBSTRINGS
begin get_substring_filter

end get_substring_filter
end get_filter 0
end get_filter_list
end get_filter 0
end get_filter_list
end get_filter 0
end get_filter_list
end get_filter 0
    filter: (|(mail=colo*)(|(cn=colo*)(|(sn=colo*)(givenName=colo*))))
ber_scanf fmt ({v}}) ber:

ldap_search
put_filter "(|(mail=colo*)(|(cn=colo*)(|(sn=colo*)(givenName=colo*))))"
put_filter: OR
put_filter_list "(mail=colo*)(|(cn=colo*)(|(sn=colo*)(givenName=colo*)))"
put_filter "(mail=colo*)"
put_filter: simple
put_simple_filter "mail=colo*"
put_substring_filter "mail=colo*"
put_filter "(|(cn=colo*)(|(sn=colo*)(givenName=colo*)))"
put_filter: OR
put_filter_list "(cn=colo*)(|(sn=colo*)(givenName=colo*))"
put_filter "(cn=colo*)"
put_filter: simple
put_simple_filter "cn=colo*"
put_substring_filter "cn=colo*"
put_filter "(|(sn=colo*)(givenName=colo*))"
put_filter: OR  
put_filter_list "(sn=colo*)(givenName=colo*)"
put_filter "(sn=colo*)"
put_filter: simple
put_simple_filter "sn=colo*"
put_substring_filter "sn=colo*"
put_filter "(givenName=colo*)"
put_filter: simple
put_simple_filter "givenName=colo*"
put_substring_filter "givenName=colo*"

Failed: 


SRCH "dc=sadiel,dc=es" 2 3    100 60 0
begin get_filter
AND
begin get_filter_list
begin get_filter   
OR
begin get_filter_list
begin get_filter
SUBSTRINGS
begin get_substring_filter

  INITIAL  
end get_substring_filter
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({oo}) ber:


end get_filter 0
end get_filter_list
end get_filter 0
end get_filter_list
end get_filter 0  
    filter: (&(|(mail=col*)(badfilter))(|(badfilter)(badfilter)))
ber_scanf fmt ({v}}) ber:

ldap_search     
put_filter "(&(|(mail=col*)(badfilter))(|(badfilter)(badfilter)))"
put_filter: AND
put_filter_list "(|(mail=col*)(badfilter))(|(badfilter)(badfilter))"
put_filter "(|(mail=col*)(badfilter))"
put_filter: OR
put_filter_list "(mail=col*)(badfilter)"
put_filter "(mail=col*)"
put_filter: simple
put_simple_filter "mail=col*"
put_substring_filter "mail=col*"
put_filter "(badfilter)"
put_filter: simple
put_simple_filter "badfilter"
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: 1::
send_ldap_response: msgid=11 tag=101 err=1


Where comes badfilter?? 
-- 
	Jorge Bianquetti de las Heras
	SADIEL, S.A.
	c/ Isaac Newton s/n, Edificio Sadiel, Isla de la Cartuja
	41092 SEVILLA
	Tel.: 955 04 36 00      Fax : 955 04 36 01
	http://www.sadiel.es   e-mail: jbianquettiATsadiel.es