[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: can't get memberof filter working
El jue, 11-08-2011 a las 16:58 +0200, masarati@aero.polimi.it escribiÃ:
> > Hi all. Im having hard time triyng to figure out what is wrong with this
> > ldap query:
> >
> > Im triyng to filter a specific user inside a specific group. Like this
> > /usr/bin/ldapsearch -x -D ".." -w..
> > -b "o=Work"
> > "(&(uniquemember=uid=gherzig,ou=People,o=Work)
> > (memberof=cn=MailUsers,ou=Groups,o=Work))"
> >
> > It gets no results, but if i remove the memberof part, it works good.
> > "(&(uniquemember=uid=gherzig,ou=People,o=Work))" as a filter gives me
> > all the entries that users is in.
> >
> > What is wrong?
> > BTW specifiyng a different basesearch is not an option, i need that base
> > as it is.
>
> There may be many causes; typically:
>
> - the client's identity does not have search access on memberOf
>
> - memberOf is not defined in schema, and the filter is undefined
>
> Check the server's logs for hints. If "stats" does not suffice, add "acl"
> and "trace".
>
> p.
>
Thanks for your time.
I have a preety default conf:
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
access to attrs=userPassword,uid,cn
by self write
by * read
access to attrs=shadowLastChange
by self write
by * read
access to *
by * search
(Besides, im binding with the rootDN)
And after executing ldapsearch, this appears in the logs
Aug 12 14:55:44 inca slapd[28386]: conn=1005 fd=17 ACCEPT from
IP=[::1]:55027 (IP=[::]:389)
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND
dn="cn=Manager,..." method=128
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND
dn="cn=Manager,o=Work" mech=SIMPLE ssf=0
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 RESULT tag=97 err=0
text=
Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=1 SRCH base="o=Work"
scope=2 deref=0
filter="(&(&(memberOf=cn=MailUsers,ou=groups,o=Work)(uniqueMember=uid=gherzig,ou=people,o=Work)))"
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates:
(memberOf) not indexed
Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates:
(uniqueMember) not indexed
Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=2 UNBIND
Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 12 14:55:48 inca slapd[28386]: conn=1005 fd=17 closed
Any other hints?
Thanks again.
Gerardo