[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Dn without suffix in ldapsearch query

On Fri, 2006-06-16 at 12:19 -0700, Prachi Sonalkar wrote:
> Hi,
> For a suffix "o=organization,c=US"
> Is there a way to be able to execute
> ldapsearch -x -D "cn=manager" -w xxxx < search filter>
> instead of providing a complete binddn:
> "cn=manager,o=organization,c=US" in the ldapsearch
> query?
> Is there a configuration setting available for this?
> Currently, if I try to do it, it won't work, since  dn
> does not contain the suffix, so it says "no global
> superior knowledge" and does not understand where to
> look for, which makes sense.
> But i need to be able to execute the query as
> mentioned above.

I understand your problem because I heard this question many times, and
occasionally I had to invent something to solve it as a workaround to
some other error (e.g. broken client, broken users and so).  Knowing the
exact reason you need to do that would help in pointing you to the most
appropriate solution (e.g. use the fully qualified DN, in most cases, or
use SASL, in others) or to a workaround (e.g. use some form of DN
rewriting that qualifies the DN on behalf of the client/user).


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it