[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: filter on objectclass (ITS#1556)



Two questions:
   do you have an equality index configured for objectClass?
   2.0.14 is pretty old, can you reproduce the problem under 2.0.21?


  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc  
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of
> Kris_Shannon@bigfoot.com
> Sent: Thursday, January 24, 2002 4:25 PM
> To: openldap-its@OpenLDAP.org
> Subject: filter on objectclass (ITS#1556)
> 
> 
> Full_Name: Kris Shannon
> Version: 2.0.14
> OS: linux (debian woody)
> URL: 
> Submission from: (NULL) (203.164.90.15)
> 
> 
> ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub
> '(&(objectclass=posixAccount)(uid=test))'
> 
> returns no entries.
> 
> ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub '(uid=test)'
> 
> returns the entry:
> 
> dn: uid=test,ou=People,dc=example,dc=com
> uid: test
> cn: Test User
> sn: Test User
> mail: test@example.com
> mailRoutingAddress: test@mail.example.com
> mailHost: mail.example.com
> objectClass: mailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> objectClass: shadowAccount
> shadowLastChange: 11684
> shadowMax: 99999
> shadowWarning: 7
> krbName: test@EXAMPLE.COM
> loginShell: /bin/bash
> uidNumber: 1234
> gidNumber: 1234
> homeDirectory: /home/test
> gecos: test,,,
> 
> 
> With all debugging turned on, slapd indicates that the objectClass equality
> check returns -1 (which I think means undefined) while the uid equality
> check returns 6 (TRUE).
> There is no problem with access to either of the attributes (verified from
> the debug log as well as the fact that the second search returns both of
> them)
> 
> The first search is essentially what the libnss-ldap library uses to look
> up a user name so this problem prevents moving the user database to ldap :(
> 
> -- 
> Kris Shannon <Kris_Shannon@bigfoot.com>
>