
Re: No Results from Ldapsearch



I don't recommend using the official redhat packages for running a server (some versions have been known to be problematic). If I recall, RedHat includes them more for compatibility and dependency rather than running as a server.

With that said, try running your slapd with debug to see what the client is trying to do and why the server is rejecting it. It sure sounds like an ACL issue from your explanation.

Sellers

On May 11, 2008, at 4:52 PM, The Hwyman wrote:

I'm running Red Hat Enterprise 5 (x86_64) and Openldap version 2.3.27
from official rpms. I have installed openldap, openldap-devel,
openldap-clients, and openldap-servers.

The following command:

ldapsearch -x -b "dc=example,dc=com" '(uid=jsmith)'

produces the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
--

If I specify the jsmith user (or any other user) using -D -W, I get the
same results. If I specify the rootdn user:


ldapsearch -x -D "cn=manager,dc=example,dc=com" -W -b "dc=example,dc=com" '(uid=jsmith)'

I get the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#

# jsmith, users, example.com
dn: uid=jsmith,ou=users,dc=example,dc=com
uid: jsmith
cn: jsmith
homeDirectory: /home/jsmith
uidNumber: xxx
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
gidNumber: xxx
gecos: John Smith
sn: Smith
shadowLastChange: xxx
userPassword:: xxx
loginShell: /sbin/nologin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
--

The problem is that I have not disabled anonymous or user access other
than to set ACLs for the userPassword field. The user jsmith can't
even do a search on himself.


I've tried slapacl and confirmed that anonymous as well as the jsmith
user can read the uid field. I even tried reindexing using slapindex,
but that didn't work either.

Here is my slapd.conf:
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/qmail.schema
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=manager,dc=example,dc=com"
rootpw          xxx
access to attrs=userPassword
 by anonymous  auth
 by self       write
 by *          none
access to attrs=uid
 by *          read
directory       /var/lib/ldap
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

Am I missing something??

Thanks!
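An added note on the question above (not part of either message): slapd evaluates access directives in order, and once any access directive is present, whatever none of them matches falls through to an implicit "access to * by * none". Returning an entry from a search also requires read access to the "entry" pseudo-attribute, which the posted ACLs never grant; the rootdn bypasses ACLs entirely, which is why only the manager bind sees jsmith. The quoted ACL beside a version that grants the missing read access (example configuration, not from the thread; the slapacl invocations assume the paths and DNs quoted above):

```conf
# --- As posted: two attribute-scoped directives and nothing else.
# Every other attribute, including the "entry" pseudo-attribute that
# slapd must be allowed to read before it returns an entry at all,
# falls through to the implicit "access to * by * none", so anonymous
# and jsmith binds get "numEntries: 0" while rootdn (no ACL checks)
# sees the entry.
access to attrs=userPassword
        by anonymous  auth
        by self       write
        by *          none
access to attrs=uid
        by *          read

# --- Corrected: same protection for userPassword, plus a catch-all
# that makes the remaining attributes (and "entry") readable, which
# matches the intent stated in the post. The first "access to" clause
# whose target matches a request wins, so the catch-all must come last;
# the separate uid directive becomes redundant and is dropped.
access to attrs=userPassword
        by anonymous  auth
        by self       write
        by *          none
access to *
        by *          read

# Verify with slapacl before restarting slapd. The test described in
# the post checked only the uid attribute; checking the "entry"
# pseudo-attribute shows the gap. Without -D, slapacl evaluates the
# request as anonymous; with -D it evaluates it as the given bind DN.
#   slapacl -f /etc/openldap/slapd.conf -v \
#       -b "uid=jsmith,ou=users,dc=example,dc=com" entry/read
#   slapacl -f /etc/openldap/slapd.conf -v \
#       -D "uid=jsmith,ou=users,dc=example,dc=com" \
#       -b "uid=jsmith,ou=users,dc=example,dc=com" entry/read
```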