I'm running Red Hat Enterprise 5 (x86_64) and OpenLDAP version 2.3.27
from official rpms. I have installed openldap, openldap-devel,
openldap-clients, and openldap-servers.
The following command:
ldapsearch -x -b "dc=example,dc=com" '(uid=jsmith)'
produces the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
--
If I specify the jsmith user (or any other user) using -D -W, I get the
same results. If I specify the rootdn user:
ldapsearch -x -D "cn=manager,dc=example,dc=com" -W -b "dc=example,dc=com" '(uid=jsmith)'
I get the following results:
--
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=jsmith)
# requesting: ALL
#
# jsmith, users, example.com
dn: uid=jsmith,ou=users,dc=example,dc=com
uid: jsmith
cn: jsmith
homeDirectory: /home/jsmith
uidNumber: xxx
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
gidNumber: xxx
gecos: John Smith
sn: Smith
shadowLastChange: xxx
userPassword:: xxx
loginShell: /sbin/nologin
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--
The problem is that I have not disabled anonymous or user access other
than to set ACLs for the userPassword field. The user jsmith can't
even do a search on himself.
I've tried slapacl and confirmed that anonymous as well as the jsmith
user can read the uid field. I even tried reindexing using slapindex,
but that didn't work either.
Here is my slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/qmail.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw xxx
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to attrs=uid
by * read
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Am I missing something??
Thanks
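The following is an added illustration, not part of the original post and not OpenLDAP code: a small Python model of the first-match evaluation that slapd.access(5) describes, run against the access directives quoted in the slapd.conf above. Two rules of that evaluation are the ones worth checking here: once any `access to` directive is present, any attribute no directive covers falls through to an implicit trailing `access to * by * none`, and a search can only return an entry when the requester has `read` on the `entry` pseudo-attribute, which `attrs=uid` does not cover (that is why `slapacl` reports `uid` as readable while the entry never comes back). The same check can be made with the real tool, `slapacl -f /etc/openldap/slapd.conf -D "uid=jsmith,ou=users,dc=example,dc=com" -b "uid=jsmith,ou=users,dc=example,dc=com" entry/read`. The ACL text, the `FIXED_ACL` variant with a catch-all appended, and the jsmith DN are constructed from the post; the parser only understands the `attrs=`, `*`, `anonymous`, `users`, `self` and `*` forms the post uses.

```python
"""
Simplified model of slapd(8) ACL evaluation (slapd.access(5)).
Added example: not code from the original post or from OpenLDAP.

Semantics modelled:
  * directives are tried in order; the first `to` clause that matches the
    attribute decides, and within it the first matching `by` clause decides;
  * if a `to` clause matches but none of its `by` clauses do, access is none;
  * if no `to` clause matches and at least one directive exists, the implicit
    trailing rule is `access to * by * none`; with no directives at all the
    default is `by * read`;
  * a search returns an entry only if the requester has `read` on the `entry`
    pseudo-attribute, which `attrs=uid` does not cover;
  * the rootdn bypasses ACLs entirely.
"""

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

ROOTDN = "cn=manager,dc=example,dc=com"   # rootdn from the posted slapd.conf

# Constructed input: the access directives quoted in the post.
POSTED_ACL = """
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to attrs=uid
    by * read
"""

# Constructed variant: the same directives with a catch-all appended.
# Order matters, so the catch-all goes last and userPassword stays protected.
FIXED_ACL = POSTED_ACL + """
access to *
    by * read
"""


def parse_acl(text):
    """Parse `access to <target>` / `by <who> <level>` lines into rules.

    A rule is (targets, clauses): targets is None for `*` (every attribute,
    including the `entry` pseudo-attribute) or a set of attribute names;
    clauses is the ordered list of (who, level).
    """
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[:2] == ["access", "to"]:
            target = parts[2]
            if target == "*":
                rules.append((None, []))
            elif target.startswith("attrs="):
                names = {a.strip().lower() for a in target[6:].split(",")}
                rules.append((names, []))
            else:
                raise ValueError("unsupported target in this model: " + target)
        elif parts[0] == "by" and rules:
            who, level = parts[1], parts[2]
            if level not in LEVELS:
                raise ValueError("unknown access level: " + level)
            rules[-1][1].append((who, level))
        else:
            raise ValueError("cannot parse line: " + line)
    return rules


def who_matches(who, requester, target_dn):
    """`by` selectors used in the post; requester None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    raise ValueError("unsupported selector in this model: " + who)


def granted_level(rules, requester, target_dn, attr):
    """Access level slapd would grant on `attr` of `target_dn`."""
    if requester is not None and requester.lower() == ROOTDN.lower():
        return "write"                      # rootdn bypasses ACLs
    if not rules:
        return "read"                       # default with no directives
    attr = attr.lower()
    for targets, clauses in rules:
        if targets is None or attr in targets:
            for who, level in clauses:      # first matching `by` wins
                if who_matches(who, requester, target_dn):
                    return level
            return "none"                   # `to` matched, no `by` matched
    return "none"                           # implicit `access to * by * none`


def allowed(rules, requester, target_dn, attr, needed):
    granted = granted_level(rules, requester, target_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(needed)


def entry_visible_in_search(rules, requester, target_dn, filter_attr):
    """A hit is returned only if the filter attribute is searchable and the
    `entry` pseudo-attribute is readable by the requester."""
    return (allowed(rules, requester, target_dn, filter_attr, "search")
            and allowed(rules, requester, target_dn, "entry", "read"))


if __name__ == "__main__":
    jsmith = "uid=jsmith,ou=users,dc=example,dc=com"
    for label, acl in (("posted", POSTED_ACL), ("with catch-all", FIXED_ACL)):
        rules = parse_acl(acl)
        for req in (None, jsmith, ROOTDN):
            print(label, req or "anonymous", "sees jsmith:",
                  entry_visible_in_search(rules, req, jsmith, "uid"))
```

Running it prints that, with the posted directives, only the rootdn sees the jsmith entry even though `uid` itself is readable by everyone; with the catch-all appended, anonymous and jsmith see the entry while `userPassword` is still governed by the earlier, more specific directive.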