Re: Antw: Re: Limiting Search Results By Group Membership

[Howard Chu <hyc@symas.com>]

Ulrich Windl wrote:
> > > > Howard Chu <hyc@symas.com> schrieb am 25.07.2017 um 14:27 in Nachricht
> <48d74363-2f0a-739f-d719-515e1fe14997@symas.com>:
> > Ulrich Windl wrote:
> > > BTW: Is there an LDAP query to get the schema name for an object class?
> > > I can list objectclasses and schematas, but I miss the link between those.
> >
> > You can search under cn=schema,cn=config using filter
> > (olcObjectClasses=*<objectclass name>*)
>
> Hi!
>
> Thanks, but I don't quite get it: If I'm trying for "ipService" (which is known), I get an empty result:
>
> # ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=schema,cn=config' -s one '(olcObjectClasses=ipService)' '* +'
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> # extended LDIF
> #
> # LDAPv3
> # base <cn=schema,cn=config> with scope oneLevel
> # filter: (olcObjectClasses=ipService)
> # requesting: * +
> #
>
> # search result
> search: 2
> result: 0 Success
>
> Can you give a concrete example, maybe?

Pay attention to details.

The filter I specified was ( * <objectclass name> * ) - a substring filter.

The filter you used was an exact match filter, which obviously doesn't match 
anything.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/