
searching NDS attributes via openldap ldap-backend



Hi

I'm trying to look up accounts that have been locked on our NDS server via
an OpenLDAP proxy on a Solaris machine.

It works natively when I try to contact the NDS/NetWare box directly, i.e.:

solarisbox:/ # ldapsearch -h nw1 lockedbyintruder=true dn
dn: cn=user1,o=NDS

dn: cn=user2,o=NDS

dn: cn=user3,o=NDS

dn: cn=user4,o=NDS

dn: cn=user5,o=NDS

dn: cn=user6,o=NDS

etc...

But when I go via the OpenLDAP server running on the Solaris server:

solarisbox:/ # ldapsearch  lockedbyintruder=true dn
Internal (implementation specific) error (80)

If I look in the logs I get a "(?=undefined)":

Apr 29 13:27:06 solarisbox slapd: conn=9 fd=25 ACCEPT from IP=127.0.0.1:59744 (IP=0.0.0.0:389)
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 BIND dn="" method=128
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 RESULT tag=97 err=0 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH base="" scope=2 filter="(?=undefined)"
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH attr=dn
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 RESULT tag=101 err=80 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=2 UNBIND
Apr 29 13:27:06 solarisbox slapd: conn=9 fd=25 closed


Now I can access the attribute if I do:

solarisbox:/ # ldapsearch cn=user4 lockedbyintruder
dn: cn=user4,o=NDS
lockedByIntruder: TRUE

But what I'm wanting to know is how to do this via the OpenLDAP proxy.

My slapd.conf looks like:

---start---
include                 /usr/local/etc/openldap/schema/core.schema
include                 /usr/local/etc/openldap/schema/misc.schema
include                 /usr/local/etc/openldap/schema/cosine.schema
include                 /usr/local/etc/openldap/schema/inetorgperson.schema
include                 /usr/local/etc/openldap/schema/nds500.schema

allow                   bind_v2
defaultsearchbase       "o=nds"

database                ldap
uri                     "ldap://nw1/o=nds ldap://nw2/o=nds ldap://nw3/o=nds";
suffix                  "o=nds"
rootdn                  "cn=admin,o=nds"
rootpw                  "ndspw"
lastmod                 off
rebind-as-user
---end---

I tried doing things like:

access to attrs=lockedByIntruder
        by * +csr

access to *
        by * read

but these made no difference.


regards
mike

P.S. OpenLDAP 2.1.17 (with fix for compare bug) on Solaris 8, and I can send
the "nds500.schema" file if you wish to look.
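
An added example, not part of the original post: slapd writes "(?=undefined)" in place of a filter it could not resolve against its loaded schema, so pairing each SRCH line with its RESULT by conn/op shows which proxied searches were rejected before reaching the backend. The function name and the conn=10 log lines are constructed for illustration; the conn=9 lines are the ones quoted above.

```python
import re
from collections import defaultdict

# conn=9 lines are from the post above; conn=10 lines are constructed for contrast.
SAMPLE_LOG = """\
Apr 29 13:27:06 solarisbox slapd: conn=9 fd=25 ACCEPT from IP=127.0.0.1:59744 (IP=0.0.0.0:389)
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 BIND dn="" method=128
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 RESULT tag=97 err=0 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH base="" scope=2 filter="(?=undefined)"
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH attr=dn
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 RESULT tag=101 err=80 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=2 UNBIND
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 SRCH base="" scope=2 filter="(cn=user4)"
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 SRCH attr=lockedbyintruder
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 RESULT tag=101 err=0 text=
"""

OP_RE = re.compile(r"slapd(?:\[\d+\])?: conn=(\d+) op=(\d+) (\w+) (.*)$")
FILTER_RE = re.compile(r'filter="([^"]*)"')
ERR_RE = re.compile(r"\berr=(\d+)")


def suspect_searches(log_text):
    """Pair SRCH and RESULT lines by (conn, op); return searches that failed
    or whose filter slapd logged as (?=undefined)."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # ACCEPT/closed/UNBIND lines carry no search data
        rec, verb, rest = ops[(int(m[1]), int(m[2]))], m[3], m[4]
        if verb == "SRCH" and rest.startswith("attr="):
            rec["attrs"] = rest[len("attr="):].split()
        elif verb == "SRCH":
            f = FILTER_RE.search(rest)
            rec["filter"] = f[1] if f else rest
        elif verb == "RESULT":
            e = ERR_RE.search(rest)
            rec["err"] = int(e[1]) if e else None
    findings = []
    for (conn, op), rec in sorted(ops.items()):
        if "filter" not in rec:
            continue  # not a search (e.g. the BIND at op=0)
        undefined = "?=undefined" in rec["filter"]
        if undefined or rec.get("err") not in (0, None):
            findings.append({"conn": conn, "op": op, "filter": rec["filter"],
                             "attrs": rec.get("attrs", []), "err": rec.get("err"),
                             "undefined_filter": undefined})
    return findings
```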