[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ou=people hidden from ldapsearch

To: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>, openldap-technical@openldap.org
Subject: Re: ou=people hidden from ldapsearch
From: Adam <adam@spoontech.biz>
Date: Sun, 18 Aug 2013 09:06:45 +0930
In-reply-to: <hbf.20130817fk32@bombur.uio.no>
Organization: Spoon Technologies
References: <hbf.20130817fk32@bombur.uio.no>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See, I told you it would be something stupid.

Thanks for the suggestions.

After going through my ACLs I noticied I'd forgotten to include a
break on a couple of them.

Thanks again for the help.

Cheers,

- -- 
- -----------------------
Adam Nye
Spoon Technologies
PO Box 608
Mylor 5153 SA
- -----------------------

On 18/08/13 01:16, Hallvard Breien Furuseth wrote:
> Adam writes:
>> (...) ldapsearch -x -h ldap.example.com -b example.com 
>> objectclass=organizationalUnit 1 -LLL
> 
> If that command gave the results you show, it's not OpenLDAP
> ldapsearch. example.com is not a valid DN, it should be -b
> dc=example,dc=com.
> 
> Also the command asks for attributes "1" and "-LLL" to be
> returned. Put options before the filter.  Also the standard way to
> ask for no attrs to be returned is "1.1", not "1".  It's a
> guaranteed unused OID (object identifier), and OIDs always have at
> least 2 components.
> 
>> When I perform the same search against OpenLDAP, I get the
>> following: (...) Notice the destinct lack of
>> ou=people,dc=example,dc=com and ou=groups,dc=example,dc=com.
>> 
>> I know they're there, because I can create objects etc in them,
>> but I'm at a complete loss as to why they don't show up in the
>> ldapsearch.
> 
> Maybe your config has access controls which hides them.
> 
> Or maybe these actually do not have objectClass:
> organizationalUnit. Try the True filter "(&)" instead: ldapsearch
> -x -LL -h ldap.example.com -s base -b cn=people,dc=example,dc=com
> "(&)" objectClass
> 
> Or maybe you edited the slapd.conf to add an objectClass index
> after loading a few entries?  Then the already-added objects would
> not get indexed.  If so, stop slapd, run slapindex and restart
> slapd.  (OTOH if you use slapd.d/cn=config and modify the cn=config
> over the LDAP protocol, such reindexing happens automatically.)
> 
> Or if the tree is really large and you have not indexed
> objectclass, maybe the search hit a time limit and didn't return
> everything.  Then there should be an error message at the end of
> the ldapsearch output.
> 
>> I know I'm obviously doing something stupid here, and again, I 
>> apologize, but any assistance would be appreciated.
> 
> Hey, relax.  And show us your config, after deleting any passwords,
> if this doesn't help.  It's hard to diagnose without guessing
> otherwise. Also show the exact command you used, and whether it
> said success or something else.
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSEAkNAAoJEH1iO/rgZIL9qxMIAJw7QAlL2ItJ3s3/2sNa5Vew
iypVvUsyiUcW2wD88qtj4N5jVMh5PTCJft0qvNhClpl58Dt9gm9tlBrVM4usnui8
TwtMK3riFhwwrtHFcv7dmbeueugoLyILc6gw2qqDJ91UPEYz7cQlK2ASeSPLgGn0
OyyV/GFQ3AYWLvZewqf1NinGlx9I0E3ztEEzIEz8l9Pno/B3zNjtLIrjTFO4fhQ/
i720Osm9c4pSihbtgQOfAtRbhz6uxWPESFAzcS/0n3hHscVpMBvYJOvsNtGb6vbp
Ts7GGzqALItKQPUZhN+szv8G5b4mga2KvhavXG0wMdQrF+0dP6YJ2i3cnDwuc6E=
=SO3n
-----END PGP SIGNATURE-----

References:
- Re: ou=people hidden from ldapsearch
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: ou=people hidden from ldapsearch
Next by Date: How to start slapd without slapd.conf?
Index(es):
- Chronological
- Thread