Hi. Usually this is the result of a misconfiguration. I don't see any significant error in your slapd.conf at a first glance; however, if you could tell us the version of the software you're running this could help a bit. I note that if you need to point to just one target, there's no need to use back-meta, you can use back-ldap, which supports exactly the same mapping and rewirte features. p. > > Greetings, > > I'm seeing something I think to be squirrelly and I'm not sure exactly > what's happening. > > I am running a search against a meta-directory, a la: > > ldapsearch -H "ldaps://jaas.itsp.purdue.edu:2490" -b > "uid=wbormann,cn=users,dc=purdue,dc=edu" -s "base" -x -v > "(objectClass=*)" > ldap_initialize( ldaps://jaas.itsp.purdue.edu:2490 ) > filter: (objectClass=*) > requesting: ALL > # extended LDIF > # > # LDAPv3 > # base <uid=wbormann,cn=users,dc=purdue,dc=edu> with scope base > # filter: (objectClass=*) > # requesting: ALL > # > > # wbormann, users, purdue.edu > dn: uid=wbormann,cn=users,dc=purdue,dc=edu > objectClass: top > objectClass: puidObject > objectClass: uidObject > cn: WILLIAM IRVIN BORMANN > givenName: WILLIAM > sn: BORMANN > employeeNumber: 10099899 > uid: wbormann > > # search result > search: 2 > result: 32 No such object > > # numResponses: 2 > # numEntries: 1 > > =================================================================== > > The log for the search looks like: > > =================================================================== > > May 17 13:54:01 jaas slapd[20049]: slapd starting > May 17 13:54:19 jaas slapd[20048]: conn=0 fd=10 ACCEPT from > IP=128.210.177.118:40687 (IP=128.210.177.118:2490) > May 17 13:54:19 jaas slapd[20054]: conn=0 op=0 BIND dn="" method=128 May > 17 13:54:19 jaas slapd[20054]: conn=0 op=0 RESULT tag=97 err=0 text= May > 17 13:54:19 jaas slapd[20054]: conn=0 op=1 SRCH > base="uid=wbormann,cn=users,dc=purdue,dc=edu" scope=0 deref=0 > filter="(objectClass=*)" > May 17 13:54:19 jaas slapd[20054]: conn=0 op=1 SEARCH RESULT tag=101 > err=32 nentries=1 text= > May 17 13:54:19 jaas slapd[20054]: conn=0 op=2 UNBIND > May 17 13:54:19 jaas slapd[20054]: conn=0 fd=10 closed > > =================================================================== > > The configuration file for the cn=users,dc=purdue,dc=edu portion looks > like: > > =================================================================== > > # > # Global Directives > # > # > access to dn.base="" by * read > access to dn.base="dc=purdue,dc=edu" > by * read > ####################################################################### > # Meta directory rules for cn=users,dc=purdue,dc=edu > ####################################################################### > > database meta > lastmod off > suffix "dc=purdue,dc=edu" > > # > # Rewrite rules for user authentication against I2A2 > # > uri > "ldaps://dbm.i2a2.purdue.edu:636/cn=users,dc=purdue,dc=edu" > suffixmassage "cn=users,dc=purdue,dc=edu" > "ou=authenticate,dc=purdue,dc=edu" > map objectclass * * > map attribute employeeNumber puid > > # > # Local Access Rules > # > > access to dn.subtree="cn=users,dc=purdue,dc=edu" > by * read > by anonymous auth > > =================================================================== > > What I don't understand is why an error is being reported but data is > being returned. Isn't this incorrect? > > -- > William I. Bormann > IT Security and Privacy > Phone: 496-3186