
RE: 2.2.15 proxy database ldap



From the proxy, you appear to have no access to the objectClass attribute,
neither for filtering nor for reading.  You should investigate this.
Do you have any "map" directive in the proxy's slapd.conf that addresses
objectClasses?  Do you have any ACLs?  Is there any ACL addressing the
objectClass attribute in the master?

p.

> On my proxy:
> #ldapsearch -x -h localhost -b "O=PIPO"
> # extended LDIF
> #
> # LDAPv3
> # base <O=PIPO> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # PIPO
> dn: o=PIPO
> dc: pipo.fr
> o: PIPO
>
> # TEST, PIPO
> dn: cn=TEST, o=PIPO
> cn: TEST
> sn: TEST
> mail: test@pipo.fr
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
> On my ldap's server:
> # ldapsearch -x -h localhost -b "O=PIPO"
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # PIPO
> dn: o=PIPO
> objectClass: Domain
> objectClass: Organization
> dc: pipo.fr
> o: PIPO
>
> # TEST, PIPO
> dn: cn=TEST, o=PIPO
> cn: TEST
> objectClass: Person
> login: test
> sn: TEST
> mail: test@pipo.fr
> display-name: TEST
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 3
> # numEntries: 2
>
>
>
> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> Sent: Monday, 20 September 2004 12:37
> To: Jean-Jacques Siquet
> Cc: openldap-software@openldap.org
> Subject: RE: 2.2.15 proxy database ldap
> Importance: High
>
> What if you directly search the remote server with the same filter?
>
> p.
>
>
>> On my proxy:
>>
>> conn=0 fd=7 ACCEPT from IP=127.0.0.1:60791 (IP=0.0.0.0:389)
>> conn=0 op=0 BIND dn="" method=128
>> conn=0 op=0 RESULT tag=97 err=0 text=
>> conn=0 op=1 SRCH base="o=PIPO" scope=2 deref=0 filter="(objectClass=*)"
>> request 1 done
>> request 2 done
>> conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
>> conn=0 op=2 UNBIND
>> conn=0 fd=7 closed
>> conn=1 fd=7 ACCEPT from IP=127.0.0.1:60795 (IP=0.0.0.0:389)
>> conn=1 op=0 BIND dn="" method=128
>> conn=1 op=0 RESULT tag=97 err=0 text=
>> conn=1 op=1 SRCH base="o=PIPO" scope=2 deref=0 filter="(|(objectClass=organizationalPerson)(objectClass=person))"
>> request 3 done
>> conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>> conn=1 op=2 UNBIND
>> conn=1 fd=7 closed
>>
>>
>> It's not possible to stop the LDAP service on my server.
>>
>>
>> -----Original Message-----
>> From: Pierangelo Masarati [mailto:ando@sys-net.it]
>> Sent: Monday, 20 September 2004 12:09
>> To: Jean-Jacques Siquet
>> Cc: openldap-software@openldap.org
>> Subject: RE: 2.2.15 proxy database ldap
>> Importance: High
>>
>> Please reply on the list
>>
>>> How can I have proxy's log?
>>
>> start the proxy slapd with "-d <X>", see slapd.conf(5), directive
>> "loglevel" for details.  Although "-1" would yield all the details, it
>> may result in too much stuff.  I suggest you start with 256 and, if
>> anything useful shows up, add other relevant log levels; or work
>> bottom-up: start with -1, see where's the problem and isolate the log
>> level that yields the relevant info.  It is likely that the problem is
>> not with the proxy (which simply passes info to the remote server) but
>> with the remote server itself; do the same there.  I suspect they both
>> receive a query that's not what you expected.
>>
>> p.
>>
>>>
>>> -----Original Message-----
>>> From: Pierangelo Masarati [mailto:ando@sys-net.it]
>>> Sent: Monday, 20 September 2004 11:19
>>> To: Jean-Jacques Siquet
>>> Cc: openldap-software@openldap.org
>>> Subject: Re: 2.2.15 proxy database ldap
>>> Importance: High
>>>
>>>
>>>> I would like to do an LDAP proxy; I have compiled with these options:
>>>>
>>>> ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/sbin
>>>> --enable-ldap --disable-bdb
>>>
>>> just a comment: --enable-ldap does not require --disable-bdb;
>>> it's a choice you explicitly make.
>>>
>>>>
>>>>
>>>>
>>>> The proxy works, but only with the default filter (objectclass=*); when
>>>> I do it with my Groupware the filter is
>>>> < (|(objectclass=organizationalPerson)(objectclass=person)) > and there
>>>> are no results.
>>>
>>> I don't because you don't provide any info
>>> that could be of help.  Can you post the
>>> logs of the proxy and those of the remote
>>> server at a reasonable level for those
>>> operations that succeed and for those that fail?
>>>
>>> p.
>>>
>>> --
>>> Pierangelo Masarati
>>> mailto:pierangelo.masarati@sys-net.it
>>>
>>>
>>>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>>> +390382476497
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Pierangelo Masarati
>> mailto:pierangelo.masarati@sys-net.it
>>
>>
>>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>> +390382476497
>>
>>
>>
>>
>
>
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it
>
>
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
>
>
>
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
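
An added example, not part of the original message or of OpenLDAP: a short Python script that compares the two `ldapsearch` results quoted in this thread and lists, per entry, the attributes the master returns but the proxy does not. The function names are hypothetical, the LDIF strings are sample input constructed from the quoted output, and base64 (`::`) values and folded lines are not decoded.

```python
# Constructed sample input: the two ldapsearch results quoted in the thread.
PROXY_LDIF = """\
dn: o=PIPO
dc: pipo.fr
o: PIPO

dn: cn=TEST, o=PIPO
cn: TEST
sn: TEST
mail: test@pipo.fr
"""
MASTER_LDIF = """\
dn: o=PIPO
objectClass: Domain
objectClass: Organization
dc: pipo.fr
o: PIPO

dn: cn=TEST, o=PIPO
cn: TEST
objectClass: Person
login: test
sn: TEST
mail: test@pipo.fr
display-name: TEST
"""

def parse_ldif(text):
    """Map normalized DN -> set of lowercased attribute names (values ignored)."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None                  # a blank line ends the entry
        elif line[0] not in "# " and ":" in line:   # skip comments, folded lines
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                current = ",".join(p.strip().lower() for p in value.split(","))
                entries[current] = set()
            elif current is not None:       # ignores trailers like "search: 2"
                entries[current].add(name.lower())
    return entries

def hidden_attributes(master_ldif, proxy_ldif):  # master-only attributes per DN
    proxy = parse_ldif(proxy_ldif)
    diff = {dn: sorted(a - proxy.get(dn, set()))
            for dn, a in parse_ldif(master_ldif).items()}
    return {dn: missing for dn, missing in diff.items() if missing}

if __name__ == "__main__":
    print(hidden_attributes(MASTER_LDIF, PROXY_LDIF))
```

On the thread's data this reports `objectclass` missing from both entries, plus `login` and `display-name` on the TEST entry, so the attribute the failing filter tests is not the only one absent through the proxy.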