[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compound query question - organization with cn vs. o?

--On Sunday, February 05, 2012 9:45 PM -0500 "Matthew M. DeLoera" <mdeloera@exacq.com> wrote:


Apologies if this isn't the appropriate list. Searched archives but
didn't manage to find anything that seemed relatedâ

This query does not return any results:

Users))(&(objectClass=organization)(o=Domain Users)))

My guess is that if a subsequent clause specifies an attribute that's not
defined for an objectClass, the query fails even if the first clause is
known to be good? If that's how things work, I can deal with that. But I
just can't find any documentation that clarifies this (or I'm totally
missing something super obvious!).

Definitely not the case, because this search works correctly for me:

ldapsearch -x -H ldap://zre-ldap001.eng.vmware.com -D "cn=config" -w zimbra "(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled))" uid

obviously "zimbraMailStatus" is not a part of the organizationalPerson schema.

My guess would be in your case that ACLs are the issue, perhaps missing READ or SEARCH on the "o" attr, but having READ or SEARCH on the "cn" attr.



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration