
Re: ldapsearch not returning namingContexts



> I just happened to notice that the following search(es) don't return the
> expected results:
>
>>ldapsearch -xs base -b '' +
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: +
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>>ldapsearch -xs base -b '' namingContexts
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: namingContexts
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>
> Below is the debug output from slapd for the first search - what am I
> doing wrong?
>
> I'm using 2.4.21, courtesy of Ubuntu.

[...]

> conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> conn=1000 op=1 SRCH attr=+
> => test_filter
>     PRESENT
> => access_allowed: search access to "" "objectClass" requested
> => acl_get: [1] attr objectClass
> => acl_mask: access to entry "", attr "objectClass" requested
> => acl_mask: to all values by "", (=0)
> <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> <= check a_dn_pat: *
> <= acl_mask: [2] applying +0 (break)
> <= acl_mask: [2] mask: =0
> <= acl_get: done.
> => slap_access_allowed: no more rules
> => access_allowed: no more rules
> <= test_filter 50

This 50 means insufficient access, as pointed out by the above logs.  Your
ACLs prevent searching the rootDSE entry.

p.
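
Added example, not part of the original messages: a short Python triage of the slapd ACL trace quoted in this thread, pulling out what was requested, who was bound, and which rule and `by` clause set the mask before `test_filter` returned 50. The function name `triage` and the field names are assumptions made for this example; the trace lines are an excerpt copied from the thread.

```python
import re

# Excerpt of the slapd debug trace quoted in this thread.
TRACE = '''\
conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1000 op=1 SRCH attr=+
=> test_filter
=> access_allowed: search access to "" "objectClass" requested
=> acl_get: [1] attr objectClass
=> acl_mask: access to entry "", attr "objectClass" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
<= check a_dn_pat: *
<= acl_mask: [2] applying +0 (break)
<= acl_mask: [2] mask: =0
=> slap_access_allowed: no more rules
=> access_allowed: no more rules
<= test_filter 50
'''

DENIED = 50  # LDAP result code insufficientAccessRights (RFC 4511)
REQ = re.compile(r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
RULE = re.compile(r'=> acl_get: \[(\d+)\]')
WHO = re.compile(r'=> acl_mask: to .* by "([^"]*)"')
CLAUSE = re.compile(r'<= acl_mask: \[(\d+)\] applying (\S+)')
RESULT = re.compile(r'<= test_filter (-?\d+)')

def triage(trace):
    """Return one dict per filter evaluation that ended in code 50."""
    findings, cur = [], {}
    for line in map(str.strip, trace.splitlines()):
        if m := REQ.match(line):       # what was asked for
            cur = {"level": m[1], "entry": m[2], "attr": m[3]}
        elif m := RULE.match(line):    # which ACL rule was consulted
            cur["rule"] = int(m[1])
        elif m := WHO.match(line):     # bound DN; empty means anonymous
            cur["bound_as"] = m[1] or "(anonymous)"
        elif m := CLAUSE.match(line):  # which `by` clause set the mask
            cur["clause"], cur["granted"] = int(m[1]), m[2]
        elif line.endswith("no more rules"):
            cur["fell_through"] = True  # nothing later granted access
        elif m := RESULT.match(line):
            if int(m[1]) == DENIED:
                findings.append(cur)
            cur = {}
    return findings

if __name__ == "__main__":
    print(triage(TRACE))
```

On this trace it reports an anonymous search on the rootDSE (entry `""`) where rule 1, clause 2 granted `+0` and no later rule matched. A rule such as `access to dn.base="" by * read` is the usual way to let clients read the rootDSE.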