Re: Objects that have no objectClass ?

May 20, 2011

Hi all!

I am querying an Active Directory, using the ldapsearch utility provided
by OpenLDAP.

Normally, for each entry that ldapsearch returns, I am used to finding at
least one line which starts with dn: and one (or more) which start with

This is the case for the majority of the objects which I can find in the
given AD tree, but I can spot at least one which does have a dn: and a
couple of other attributed (in other words: the entry exists) but just no

Any idea how this is possible?

AD isn't LDAP, it's a MS bastardization, so anything is possible. Could also be ACLs at play.


