ldapsearch of Active Directory



I'm completely stumped and have nowhere else to turn.  Hopefully some
kind soul on this list has encountered and solved this problem.

O/S = Fedora Core 2 with openldap-2.1.29-1

ldap.conf:

> BASE cn=Users,dc=athens,dc=int
> URI  ldap://triton.athens.int
> BINDDN cn=ldapQuery,cn=Users,dc=athens,dc=int
> BINDPW ldapQuery

Output of "ldapsearch -x -s sub":

[Side Note: the header comment says "base <>" but the output clearly
indicates it DID use the BASE from ldap.conf; also, specifying an
explicit -b on the command line produces the same output except for
the "base" header comment]

> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # Bill Conners, Users, athens.int
> dn: CN=Bill Conners,CN=Users,DC=athens,DC=int
>
> # SUPPORT_566945a0, Users, athens.int
> dn: CN=SUPPORT_566945a0,CN=Users,DC=athens,DC=int
>
> [lines deleted]
>
> # mboyden, Users, athens.int
> dn: CN=mboyden,CN=Users,DC=athens,DC=int
>
> [lines deleted]
>
> # Welch\2C Craig, Users, athens.int
> dn: CN=Welch\, Craig,CN=Users,DC=athens,DC=int
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 188
> # numEntries: 187

So far so good, it returned all entries from
cn=Users,dc=athens,dc=int.

Now I want to try retrieving a single entry, so I do
ldapsearch -x -s sub  "(cn=mbyoden)"

The output is:

> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (cn=mbyoden)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
> matchedDN: DC=athens,DC=int
> text: 0000208D: NameErr: DSID-03151E4D, problem 2001 (NO_OBJECT), data 0, bes
>  t match of:
>         'DC=athens,DC=int'
>
>
> # numResponses: 1

Just in case it's not using the BASE for some reason I also try
ldapsearch -x -s sub -b "cn=users,dc=athens,dc=int" "(cn=mbyoden)"
with the same results.

Things I have also tried:

1) The queries run OK when issued in identical form from LDP on
   a Windows box, when bound with the same user (ldapQuery).

2) Using ldaps:// instead of ldap gives the same results.

3) No matter what attributes I ask for on the command line I
   always get back the same output -- it seems to be ignoring
   the argument and always returns ONLY the dn.

--
James Garrison                                Athens Group, Inc.
mailto:jhg@athensgroup.com                    5608 Parkcrest Dr
http://www.athensgroup.com                    Austin, TX 78731
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C         (512) 345-0600 x150