[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP ldapsearch issue

Hi,

This ldapsearch issue has been solved.
Actually the problem is that my hierarchy is like given below going downwards:
-> dc=COM
-> dc=my-domain
-> ou=people
-> ou=TEST

In my DB, "ou=people,dc=my-domain,dc=COM" was missing from the DB and "ou=TEST,ou=people,dc=my-domain,dc=COM" was added through slapadd only.
So when the below ldapsearch command is executed manually, then it is searching directly for  "ou=TEST,ou=people,dc=my-domain,dc=COM" and it gives the correct result.
###################################################################################
ldapsearch -x -D cn=Manager,dc=my-domain,dc=COM -w secret -b ou=TEST,ou=people,dc=my-domain,dc=COM -s sub ‘(&(objectClass=organizationalUnit)(ou=test*))’ -H ldap://localhost:1399
# extended LDIF
#
# LDAPv3
# base <ou=TEST,ou=people,dc=my-domain,dc=COM> with scope subtree
# filter: (objectclass=organizationalUnit)
# requesting: ALL
#

# TEST, people, my-domain.COM
dn: ou=TEST,ou=people,dc=my-domain,dc=COM
ou: TEST
companyName: test
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
###################################################################################

But when it was searched through LDAPbrowser the following command got executed and it was failed because "ou=people,dc=my-domain,dc=COM" was missing from the DB.
###################################################################################
ldapsearch -x -D cn=Manager,dc=my-domain,dc=COM -w secret -b ou=people,dc=my-domain,dc=COM -s sub ‘(&(objectClass=organizationalUnit)(ou=test*))’ -H ldap://localhost:1399
# extended LDIF
#
# LDAPv3
# base <dc=ALCATEL,dc=FC> with scope subtree
# filter: cn=*
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
###################################################################################

Thanks for your response.

Regards,
Gurjot Kaur

-----Original Message-----
From: Gurjot Kaur
Sent: Thursday, July 14, 2016 5:34 PM
To: Dieter Klünter <dieter@dkluenter.de>; openldap-technical@openldap.org
Subject: RE: OpenLDAP ldapsearch issue

Can you please tell which is the left RDN part specifically. How it can be corrected

Thanks
Gurjot

-----Original Message-----
From: Dieter Klünter [mailto:dieter@dkluenter.de]
Sent: Wednesday, July 13, 2016 8:54 PM
To: openldap-technical@openldap.org
Subject: Re: OpenLDAP ldapsearch issue

Am Wed, 13 Jul 2016 12:02:28 +0000
schrieb Shashi Ranjan <Shashi.Ranjan@aricent.com>:
[...]
> > access_allowed: disclose access to "dc=my-domain,dc=COM" "entry"
> > requested
> <= root access granted
> => access_allowed: disclose access granted by manage(=mwrscxd)
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: err=10 matched="dc=my-domain,dc=COM" text=""
> send_ldap_response: msgid=4803 tag=101 err=32
[...]
the left RDN of your search string seems to be wrong.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E


"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."