searching NDS attributes via openldap ldap-backend
Hi
I'm trying to look up accounts that have been locked on our NDS server via
an OpenLDAP proxy on a Solaris machine.
It works natively when I try to contact the NDS/NetWare box directly, i.e.
solarisbox:/ # ldapsearch -h nw1 lockedbyintruder=true dn
dn: cn=user1,o=NDS
dn: cn=user2,o=NDS
dn: cn=user3,o=NDS
dn: cn=user4,o=NDS
dn: cn=user5,o=NDS
dn: cn=user6,o=NDS
etc...
But when I go via the OpenLDAP server running on the Solaris server:
solarisbox:/ # ldapsearch lockedbyintruder=true dn
Internal (implementation specific) error (80)
If I look in the logs I get an "(?=undefined)":
Apr 29 13:27:06 solarisbox slapd: conn=9 fd=25 ACCEPT from IP=127.0.0.1:59744 (IP=0.0.0.0:389)
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 BIND dn="" method=128
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 RESULT tag=97 err=0 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH base="" scope=2 filter="(?=undefined)"
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH attr=dn
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 RESULT tag=101 err=80 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=2 UNBIND
Apr 29 13:27:06 solarisbox slapd: conn=9 fd=25 closed
Now I can access the attribute if I do
solarisbox:/ # ldapsearch cn=user4 lockedbyintruder
dn: cn=user4,o=NDS
lockedByIntruder: TRUE
but what I'm wanting to know is how to do this via the OpenLDAP proxy.
My slapd.conf looks like
---start---
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nds500.schema
allow bind_v2
defaultsearchbase "o=nds"
database ldap
uri "ldap://nw1/o=nds ldap://nw2/o=nds ldap://nw3/o=nds"
suffix "o=nds"
rootdn "cn=admin,o=nds"
rootpw "ndspw"
lastmod off
rebind-as-user
---end---
I tried doing things like
access to attrs=lockedByIntruder
by * +csr
access to *
by * read
but these made no difference.
regards
mike
PS: OpenLDAP 2.1.17 (with fix for compare bug) on Solaris 8, and I can send
the "nds500.schema" file if you wish to look.
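
Added example, not part of the original post: slapd writes `(?=undefined)` in place of a filter it could not resolve against its loaded schema, so the client's real filter never reaches the log. The Python sketch below correlates the SRCH and RESULT lines per conn/op to list such searches with their requested attributes and result code. The function name and the conn=10 lines are constructed for illustration; the conn=9 lines are the ones quoted in the post.

```python
import re

# conn=9 lines are copied from the post above; the conn=10 lines are
# constructed to show a search whose filter slapd did understand.
SAMPLE_LOG = """\
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 BIND dn="" method=128
Apr 29 13:27:06 solarisbox slapd: conn=9 op=0 RESULT tag=97 err=0 text=
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH base="" scope=2 filter="(?=undefined)"
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 SRCH attr=dn
Apr 29 13:27:06 solarisbox slapd: conn=9 op=1 RESULT tag=101 err=80 text=
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 SRCH base="o=nds" scope=2 filter="(cn=user4)"
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 SRCH attr=lockedbyintruder
Apr 29 13:27:07 solarisbox slapd: conn=10 op=1 RESULT tag=101 err=0 text=
"""

# Accept both "slapd:" (as in the post) and "slapd[pid]:" syslog tags.
OP_RE = re.compile(r"slapd(?:\[\d+\])?: conn=(\d+) op=(\d+) (SRCH|RESULT) (.*)$")
FILTER_RE = re.compile(r'filter="([^"]*)"')
ERR_RE = re.compile(r"\berr=(\d+)")


def undefined_filter_searches(log_text):
    """Return one dict per search whose filter was logged as (?=undefined)."""
    ops = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        op = ops.setdefault(key, {"filter": None, "attrs": [], "err": None})
        kind, rest = m.group(3), m.group(4)
        if kind == "SRCH" and (f := FILTER_RE.search(rest)):
            op["filter"] = f.group(1)
        elif kind == "SRCH" and rest.startswith("attr="):
            # The requested attributes are logged on a second SRCH line.
            op["attrs"] = rest[len("attr="):].split()
        elif kind == "RESULT" and (e := ERR_RE.search(rest)):
            op["err"] = int(e.group(1))
    return [
        {"conn": conn, "op": opnum, **info}
        for (conn, opnum), info in sorted(ops.items())
        if info["filter"] is not None and "(?=undefined)" in info["filter"]
    ]


if __name__ == "__main__":
    for hit in undefined_filter_searches(SAMPLE_LOG):
        print(hit)
```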