[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldapsearch not returning namingContexts
> i just happened to notice that the following search(es) don't return the
> expected results:
>
>>ldapsearch -xs base -b '' +
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: +
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>>ldapsearch -xs base -b '' namingContexts
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: namingContexts
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
>
> below is the debug output from slapd for the first search - what am i
> doing wrong?
>
> i'm using 2.4.21, courtesy of ubuntu.
[...]
> conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> conn=1000 op=1 SRCH attr=+
> => test_filter
> PRESENT
> => access_allowed: search access to "" "objectClass" requested
> => acl_get: [1] attr objectClass
> => acl_mask: access to entry "", attr "objectClass" requested
> => acl_mask: to all values by "", (=0)
> <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> <= check a_dn_pat: *
> <= acl_mask: [2] applying +0 (break)
> <= acl_mask: [2] mask: =0
> <= acl_get: done.
> => slap_access_allowed: no more rules
> => access_allowed: no more rules
> <= test_filter 50
This 50 means insufficient access, as pointed out by the above logs. Your
ACLs prevent searching the rootDSE entry.
p.