Re: search on objectClass: posixAccount yielding no results

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, July 26, 2005 9:53 AM -0700 Dennis <dennis@works4me.com> 
wrote:

> Hi,
>
> I am running openldap-2.0.27 on CentOS 3.x. The database directory was
> already existing - I had a machine die and I copied over the directory,
> edited slapd.conf and started openldap. LDAP is being used successfully
> by Courier's authlib for authentication. Life was good.
>
> Now I'm trying to get another app working with openldap and a particular
> search is failing, and it doesn't seem to make sense to me.
>
> I've tried this search using ldapsearch:
> "(&(objectClass=posixAccount)(uid=username))" and it returns zero
> results. However, just "(uid=username)" returns the correct result.
>
> Even just "(objectClass=posixAccount)" returns zilch. However,
> "(objectClass=person)" returns all the accounts in ldap and
> "(&(objectClass=person)(uid=username))" returns the correct result.
>
> So, why is "(objectClass=posixAccount)" not working? All the accounts
> have objectClass: posixAccount. Here is an example of the ldif for one of
> the accounts:

I would guess that the objectClass index is corrupt.

I will note that OpenLDAP 2.0.27 is an ancient release (2.3.4 is the 
current release).  The newer generations of OpenLDAP are many times more 
stable and do not suffer much of the database corruption issue found in the 
old 2.0 line.  You may want to examine upgrading to a current release. 
Note that going from such an old version of OpenLDAP to a current release 
is likely not trivial.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html