[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP searches don't work unless they're wildcards

To: ldap@umich.edu, openldap-software@OpenLDAP.org, debian-isp@lists.debian.org
Subject: LDAP searches don't work unless they're wildcards
From: hosie@gsat.net.au
Date: Wed, 10 Mar 2004 18:05:24 +1100

Hey lists,

My problem is that searches for valid ldap entries return no results, unless the last character in the search is a wildcard.
e.g.
***************************
[server]:/# ldapsearch -xh localhost -b "o=GSAT Ltd" "cn=andrew hosie" mail
version: 2
#
# filter: cn=andrew hosie
# requesting: mail
#
# search result
search: 2
result: 0 Success
# numResponses: 1
***************************
[server]:/# ldapsearch -xh localhost -b "o=GSAT Ltd" "cn=andrew hosie*" mail
version: 2
#
# filter: cn=andrew hosie*
# requesting: mail
#
# hosie, GSAT Ltd
dn: uid=hosie, o=GSAT Ltd
mail: hosie@gsat.net.au
# minime, GSAT Ltd
dn: uid=minime, o=GSAT Ltd
mail: minime@gsat.net.au
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
***************************
Note: cn is not the only attribute tested, uid, mail, givenName and so on, all result in the same failure.

The server is:
	* Linux kernel 2.4.18
	* Debian woody (3.0r1) build
	* OpenLDAP: slapd 2.0.23-Release

I've analysed the content of entries returned with wildcard searches - there aren't any extra characters at the end of the cn.

I also thought it could be to do with the index's so I altered the following:
[/etc/ldap/schema/gsat/slapd.dynamic_ldbm.conf]
------------------------
index   aci pres
index   cn pres,eq,sub
index   sn pres,eq,sub
index   givenName pres,eq,sub
index   mail pres,eq,sub
index   telephoneNumber pres,eq,sub
index   ntUserDomainId pres,eq,sub
index   uid eq
index   changenumber eq
index   uniquemember eq
index   member eq
index   owner  eq
index   seeAlso eq
------------------------
To reflect "index   uid sub" - still no good.

I'm lost for ideas.

Any assistance will be appreciated.

P.S. /might/ have something to do with it - the schema is not default OpenLDAP - it's built 99% from converted NDS schema entries.
Schema: http://www.gsat.net.au/openldap_schema.tar.gz [11.2KB]

Thanks,

Andrew Hosie
GSAT Technical Consultant
Ph:   1300 65 4728
Ph:  +61 3 5227 8022
Fax: +61 3 5227 8023
http: www.gsat.net.au

Follow-Ups:
- Re: LDAP searches don't work unless they're wildcards
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: LDAP searches don't work unless they're wildcards
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: ldapsearch options question
Next by Date: Re: slurpd slowness and crashes
Index(es):
- Chronological
- Thread