Re: can't get memberof filter working



On Thu, 11-08-2011 at 16:58 +0200, masarati@aero.polimi.it wrote:
> > Hi all. I'm having a hard time trying to figure out what is wrong with this
> > ldap query:
> >
> > I'm trying to filter a specific user inside a specific group. Like this
> > /usr/bin/ldapsearch -x -D ".." -w..
> > -b "o=Work"
> > "(&(uniquemember=uid=gherzig,ou=People,o=Work)
> > (memberof=cn=MailUsers,ou=Groups,o=Work))"
> >
> > It gets no results, but if I remove the memberof part, it works well.
> > "(&(uniquemember=uid=gherzig,ou=People,o=Work))" as a filter gives me
> > all the entries that user is in.
> >
> > What is wrong?
> > BTW specifying a different search base is not an option, I need that base
> > as it is.
> 
> There may be many causes; typically:
> 
> - the client's identity does not have search access on memberOf
> 
> - memberOf is not defined in schema, and the filter is undefined
> 
> Check the server's logs for hints.  If "stats" does not suffice, add "acl"
> and "trace".
> 
> p.
> 

Thanks for your time.
I have a pretty default conf:

access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,uid,cn
        by self write
        by * read

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * search

(Besides, I'm binding with the rootDN)

And after executing ldapsearch, this appears in the logs

Aug 12 14:55:44 inca slapd[28386]: conn=1005 fd=17 ACCEPT from IP=[::1]:55027 (IP=[::]:389)
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND dn="cn=Manager,..." method=128
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND dn="cn=Manager,o=Work" mech=SIMPLE ssf=0
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 RESULT tag=97 err=0 text=
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=1 SRCH base="o=Work" scope=2 deref=0 filter="(&(&(memberOf=cn=MailUsers,ou=groups,o=Work)(uniqueMember=uid=gherzig,ou=people,o=Work)))"
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (memberOf) not indexed
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (uniqueMember) not indexed
Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=2 UNBIND
Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug 12 14:55:48 inca slapd[28386]: conn=1005 fd=17 closed

Any other hints?

Thanks again.
Gerardo
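
The log check suggested in this thread, as an added example that is not part of the original message: a Python sketch that pairs each slapd SRCH line with its bind DN and SEARCH RESULT and collects the "not indexed" notices. The function and field names are illustrative assumptions, and the sample lines are constructed from the excerpt in the post.

```python
import re

# Constructed sample modelled on the slapd "stats" lines quoted in the post
# (mail-wrapped lines rejoined).
SAMPLE = '''\
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND dn="cn=Manager,o=Work" mech=SIMPLE ssf=0
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=1 SRCH base="o=Work" scope=2 deref=0 filter="(&(&(memberOf=cn=MailUsers,ou=groups,o=Work)(uniqueMember=uid=gherzig,ou=people,o=Work)))"
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (memberOf) not indexed
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (uniqueMember) not indexed
Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT)\b(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')
UNINDEXED = re.compile(r'_candidates: \((\w+)\) not indexed')
FILTER_ATTR = re.compile(r'\((\w+)[~<>]?=')


def summarize(log_text):
    """Return one dict per SRCH: bind DN, filter attributes, result, index notices."""
    binds, searches, last = {}, {}, None
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            u = UNINDEXED.search(line)
            # Heuristic: these notices carry no conn/op, so attach them to the
            # most recent SRCH; on a busy server this can misattribute.
            if u and last is not None:
                last["unindexed"].append(u[1])
            continue
        conn, op, kind = int(m[1]), int(m[2]), m[3]
        kv = {k: v.strip('"') for k, v in KV.findall(m[4])}
        if kind == "BIND" and "mech" in kv:
            binds[conn] = kv["dn"]          # the line that carries the final bind DN
        elif kind == "SRCH":
            last = searches[(conn, op)] = {
                "conn": conn, "op": op, "bind_dn": binds.get(conn, "(no bind seen)"),
                "base": kv.get("base"),
                "filter_attrs": FILTER_ATTR.findall(kv.get("filter", "")),
                "unindexed": [], "err": None, "nentries": None,
            }
        elif kind == "SEARCH RESULT" and (conn, op) in searches:
            searches[(conn, op)].update(err=int(kv["err"]), nentries=int(kv["nentries"]))
    return list(searches.values())


if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(s)
```

Mail-wrapped log excerpts have to be rejoined to one line per entry before parsing, since the filter sits on a continuation line.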