
Re: Unknown objectClass in search filter alters the filter?

On the 24th of August, at 15:20, Marius Flage wrote:

> How does OpenLDAP behave when it encounters a search filter with an
> unknown objectClass? From what I've been able to gather, it translates
> the search filter into (?objectClass=value), thus yielding the rest of
> the search invalid. What can I do about this? Either just pass the
> search as it is, or remove it altogether?

I have of course come to another - better - conclusion now. OpenLDAP
doesn't alter the search filters, instead it just "tags" them in the
logfiles when it encounters some unknown object classes. But the
underlying problem is still the same - I get no entries back from
OpenLDAP when I include the two unknown object classes in the search.

Some intensive googling has revealed that accessGroup is an object class
from IBM's SecureWay Directory Server and that univentionGroup is from
Univention Groups Directory Server [1].

I'm sure if I'm able to get hold of the schemas for these two directory
servers, that I'll be able to make the search valid, but so far I've
found nothing when searching on the respective sites - and don't get me
started on IBM's webpages.

So what can I do then? As I said this is a 3rd party application
(actually a Zope application that uses LDAPUserFolder), so it's not
really feasible to start hacking at that to get this working. Is there a
way to rewrite the object classes or maybe just get OpenLDAP to ignore
the unknown object classes when searching? Or, even better, does anyone
have the correct schema declarations lying around?

Hopefully my last email to the mailing list about this for now - the
next entry is up to you! :)

- Marius

[1] http://www.univention.de/en/