[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: filter on objectclass (ITS#1556)
Two questions:
do you have an equality index configured for objectClass?
2.0.14 is pretty old, can you reproduce the problem under 2.0.21?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of
> Kris_Shannon@bigfoot.com
> Sent: Thursday, January 24, 2002 4:25 PM
> To: openldap-its@OpenLDAP.org
> Subject: filter on objectclass (ITS#1556)
>
>
> Full_Name: Kris Shannon
> Version: 2.0.14
> OS: linux (debian woody)
> URL:
> Submission from: (NULL) (203.164.90.15)
>
>
> ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub
> '(&(objectclass=posixAccount)(uid=test))'
>
> returns no entries.
>
> ldapsearch -x -D '' -b 'ou=People,dc=oz2000,dc=com' -s sub '(uid=test)'
>
> returns the entry:
>
> dn: uid=test,ou=People,dc=example,dc=com
> uid: test
> cn: Test User
> sn: Test User
> mail: test@example.com
> mailRoutingAddress: test@mail.example.com
> mailHost: mail.example.com
> objectClass: mailRecipient
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> objectClass: shadowAccount
> shadowLastChange: 11684
> shadowMax: 99999
> shadowWarning: 7
> krbName: test@EXAMPLE.COM
> loginShell: /bin/bash
> uidNumber: 1234
> gidNumber: 1234
> homeDirectory: /home/test
> gecos: test,,,
>
>
> With all debugging turned on, slapd indicates that the objectClass equality
> check returns -1 (which I think means undefined) while the uid equality
> check returns 6 (TRUE).
> There is no problem with access to either of the attributes (verified from
> the debug log as well as the fact that the second search returns both of
> them)
>
> The first search is essentially what the libnss-ldap library uses to look
> up a user name so this problem prevents moving the user database to ldap :(
>
> --
> Kris Shannon <Kris_Shannon@bigfoot.com>
>