
Re: search on objectClass: posixAccount yielding no results

--On Tuesday, July 26, 2005 9:53 AM -0700 Dennis <dennis@works4me.com> wrote:


> I am running openldap-2.0.27 on CentOS 3.x. The database directory was
> already existing - I had a machine die and I copied over the directory,
> edited slapd.conf and started openldap. LDAP is being used successfully
> by Courier's authlib for authentication. Life was good.
>
> Now I'm trying to get another app working with openldap and a particular
> search is failing, and it doesn't seem to make sense to me.
>
> I've tried this search using ldapsearch:
> "(&(objectClass=posixAccount)(uid=username))" and it returns zero
> results. However, just "(uid=username)" returns the correct result.
>
> Even just "(objectClass=posixAccount)" returns zilch. However,
> "(objectClass=person)" returns all the accounts in ldap and
> "(&(objectClass=person)(uid=username))" returns the correct result.
>
> So, why is "(objectClass=posixAccount)" not working? All the accounts
> have objectClass: posixAccount. Here is an example of the ldif for one of
> the accounts:

I would guess that the objectClass index is corrupt.

I will note that OpenLDAP 2.0.27 is an ancient release (2.3.4 is the current release). The newer generations of OpenLDAP are many times more stable and do not suffer much of the database corruption issue found in the old 2.0 line. You may want to examine upgrading to a current release. Note that going from such an old version of OpenLDAP to a current release is likely not trivial.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html