
Meta Directory err=32 "No Such Object" Returns the Object :-)




Greetings,

I'm seeing something I think to be squirrelly and I'm not sure exactly what's happening.

I am running a search against a meta-directory, a la:

ldapsearch -H "ldaps://jaas.itsp.purdue.edu:2490" -b "uid=wbormann,cn=users,dc=purdue,dc=edu" -s "base" -x -v "(objectClass=*)"
ldap_initialize( ldaps://jaas.itsp.purdue.edu:2490 )
filter: (objectClass=*)
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <uid=wbormann,cn=users,dc=purdue,dc=edu> with scope base
# filter: (objectClass=*)
# requesting: ALL
#

# wbormann, users, purdue.edu
dn: uid=wbormann,cn=users,dc=purdue,dc=edu
objectClass: top
objectClass: puidObject
objectClass: uidObject
cn: WILLIAM IRVIN BORMANN
givenName: WILLIAM
sn: BORMANN
employeeNumber: 10099899
uid: wbormann

# search result
search: 2
result: 32 No such object

# numResponses: 2
# numEntries: 1


===================================================================

The log for the search looks like:

===================================================================

May 17 13:54:01 jaas slapd[20049]: slapd starting
May 17 13:54:19 jaas slapd[20048]: conn=0 fd=10 ACCEPT from IP=128.210.177.118:40687 (IP=128.210.177.118:2490)
May 17 13:54:19 jaas slapd[20054]: conn=0 op=0 BIND dn="" method=128
May 17 13:54:19 jaas slapd[20054]: conn=0 op=0 RESULT tag=97 err=0 text=
May 17 13:54:19 jaas slapd[20054]: conn=0 op=1 SRCH base="uid=wbormann,cn=users,dc=purdue,dc=edu" scope=0 deref=0 filter="(objectClass=*)"
May 17 13:54:19 jaas slapd[20054]: conn=0 op=1 SEARCH RESULT tag=101 err=32 nentries=1 text=
May 17 13:54:19 jaas slapd[20054]: conn=0 op=2 UNBIND
May 17 13:54:19 jaas slapd[20054]: conn=0 fd=10 closed


===================================================================

The configuration file for the cn=users,dc=purdue,dc=edu portion looks like:

===================================================================

#
# Global Directives
#
#
access to dn.base="" by * read
access to dn.base="dc=purdue,dc=edu"
        by * read
#######################################################################
# Meta directory rules for cn=users,dc=purdue,dc=edu
#######################################################################

database meta
lastmod off
suffix "dc=purdue,dc=edu"

#
# Rewrite rules for user authentication against I2A2
#
uri             "ldaps://dbm.i2a2.purdue.edu:636/cn=users,dc=purdue,dc=edu"
suffixmassage   "cn=users,dc=purdue,dc=edu" "ou=authenticate,dc=purdue,dc=edu"
map objectclass * *
map attribute employeeNumber puid

#
# Local Access Rules
#

access to dn.subtree="cn=users,dc=purdue,dc=edu"
        by * read
        by anonymous auth

===================================================================

What I don't understand is why an error is being reported but data is being returned.  Isn't this incorrect?

-- 
William I. Bormann
IT Security and Privacy
Phone:  496-3186