problems search LDAP starting from Netscape Enterprise server
Hello,
I use Netscape Enterprise V3.61 W3 servers. I grant access permission to certain directories (ACL) via LDAP.
I encounter problems with OpenLDAP when I put an ACL on a group.
For example, I authorize a group to access a directory of my W3 site. This fails with the OpenLDAP server, but works with another LDAP server.
Here is the technical information:
1) The test account and group:
dn: uid=bond007, dc=univ-nancy2,dc=fr
uid: bond007
userpassword: {crypt}XXXXXXX
givenname: BOND
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: James
cn: James BOND

dn: cn=grptest,dc=univ-nancy2,dc=fr
objectclass: top
objectclass: groupOfUniqueNames
cn: grptest
uniquemember: uid=bond007,dc=univ-nancy2,dc=fr
2) The OpenLDAP logs when the user bond007 attempts to access the W3 resource:
conn=0 fd=5 connection from toto.univ-nancy2.fr (194.214.218.109) accepted.
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT err=0 tag=97 nentries=0
conn=0 op=1 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(uid=BOND007)"
conn=0 op=1 RESULT err=0 tag=101 nentries=1
conn=0 op=2 BIND dn="UID=BOND007,DC=UNIV-NANCY2,DC=FR" method=128
conn=0 op=2 RESULT err=0 tag=97 nentries=0
conn=0 op=3 BIND dn="" method=128
conn=0 op=3 RESULT err=0 tag=97 nentries=0
conn=0 op=4 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007, DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=0 op=4 RESULT err=0 tag=101 nentries=0
Note that nentries=0, so OpenLDAP does not find user bond007 to be a member of an LDAP group (objectclass GroupOfUniqueNames or GroupOfNames).
3) I launch the same request with ldapsearch, and nentries=1:
conn=1 fd=11 connection from etudiant.univ-nancy2.fr (194.214.218.65) accepted.
conn=1 op=0 BIND dn="" method=128
conn=1 op=0 RESULT err=0 tag=97 nentries=0
conn=1 op=1 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007,DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=1 op=1 RESULT err=0 tag=101 nentries=1
conn=1 op=2 UNBIND
conn=1 op=2 fd=11 closed errno=0
Here is the request I launched:
PASS=""
USER=""
BIN=/usr/local/bin
SEARCHBASE="dc=univ-nancy2,dc=fr"
SCOPE=sub # base,one,sub
FILTER="(|(&(objectclass=GroupOfUniqueNames)(|(uniquemember=uid=bond007,dc=univ-nancy2,dc=fr)))(&(objectclass=GroupOfNames)(|(member=uid=bond007,dc=univ-nancy2,dc=fr))))"
ATTRIB=""
HOST=etudiant.univ-nancy2.fr
PORT=389
$BIN/ldapsearch -D "$USER" -w "$PASS" -h "$HOST" -p "$PORT" -s "$SCOPE" -b "$SEARCHBASE" "$FILTER" $ATTRIB
I do not see what the difference is, or why OpenLDAP does not find the user in the first case. I tested lowercase / uppercase, without seeing any difference.
Any idea?
Thank you
--
Vincent MATHIEU
CRI - Universite NANCY 2 | Email : Vincent.Mathieu@univ-nancy2.fr
Pole Lorrain de Gestion | Tel : (33) 03.83.39.63.76
13, Rue Michel Ney - C.O. 75 | Fax : (33) 03.83.39.64.43
54013 NANCY CEDEX
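
An added diagnostic example, not part of the original message: it pulls the membership assertions out of the two SRCH lines logged above and compares them both as raw strings and as normalised DNs. The log lines are copied from the message; the function names and the simplified DN normalisation are assumptions of this example.

```python
import re

# Constructed sample: the two SRCH lines from the logs in the message above
# (conn=0 is the Netscape Enterprise request, conn=1 is the ldapsearch run).
LOG = '''\
conn=0 op=4 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007, DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=0 op=4 RESULT err=0 tag=101 nentries=0
conn=1 op=1 SRCH base="DC=UNIV-NANCY2,DC=FR" scope=2 filter="(|(&(objectclass=GROUPOFUNIQUENAMES)(|(uniquemember=UID=BOND007,DC=UNIV-NANCY2,DC=FR)))(&(objectclass=GROUPOFNAMES)(|(member=UID=BOND007,DC=UNIV-NANCY2,DC=FR))))"
conn=1 op=1 RESULT err=0 tag=101 nentries=1
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*? filter="(.*)"$')
ASSERTION = re.compile(r'\((uniquemember|member)=([^()]*)\)', re.I)

def searches(log):
    """Map (conn, op) -> filter string for every SRCH line in the log."""
    out = {}
    for line in log.splitlines():
        m = SRCH.match(line)
        if m:
            out[(int(m.group(1)), int(m.group(2)))] = m.group(3)
    return out

def member_values(flt):
    """Return [(attribute, asserted DN)] for the membership tests in a filter."""
    return [(a.lower(), v) for a, v in ASSERTION.findall(flt)]

def normalize_dn(dn):
    """Simplified DN normalisation: drop spaces around ',' and '=', fold case.
    Assumes no escaped or quoted separators, which holds for the DNs here."""
    return re.sub(r'\s*([,=])\s*', r'\1', dn.strip()).lower()

def compare(log, a, b):
    """List membership assertions that differ as strings between searches a and b."""
    s = searches(log)
    diffs = []
    for (attr, va), (_, vb) in zip(member_values(s[a]), member_values(s[b])):
        if va != vb:
            diffs.append((attr, va, vb, normalize_dn(va) == normalize_dn(vb)))
    return diffs

if __name__ == "__main__":
    for attr, va, vb, same_dn in compare(LOG, (0, 4), (1, 1)):
        print(f"{attr}: {va!r} != {vb!r}; same DN after normalisation: {same_dn}")
```

On these two lines the only difference is a space after the first comma in the uniquemember value sent on conn=0. A server that matches member values as plain strings rather than as DNs would treat the two values as different.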