[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ou=people hidden from ldapsearch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
See, I told you it would be something stupid.
Thanks for the suggestions.
After going through my ACLs I noticied I'd forgotten to include a
break on a couple of them.
Thanks again for the help.
Cheers,
- --
- -----------------------
Adam Nye
Spoon Technologies
PO Box 608
Mylor 5153 SA
- -----------------------
On 18/08/13 01:16, Hallvard Breien Furuseth wrote:
> Adam writes:
>> (...) ldapsearch -x -h ldap.example.com -b example.com
>> objectclass=organizationalUnit 1 -LLL
>
> If that command gave the results you show, it's not OpenLDAP
> ldapsearch. example.com is not a valid DN, it should be -b
> dc=example,dc=com.
>
> Also the command asks for attributes "1" and "-LLL" to be
> returned. Put options before the filter. Also the standard way to
> ask for no attrs to be returned is "1.1", not "1". It's a
> guaranteed unused OID (object identifier), and OIDs always have at
> least 2 components.
>
>> When I perform the same search against OpenLDAP, I get the
>> following: (...) Notice the destinct lack of
>> ou=people,dc=example,dc=com and ou=groups,dc=example,dc=com.
>>
>> I know they're there, because I can create objects etc in them,
>> but I'm at a complete loss as to why they don't show up in the
>> ldapsearch.
>
> Maybe your config has access controls which hides them.
>
> Or maybe these actually do not have objectClass:
> organizationalUnit. Try the True filter "(&)" instead: ldapsearch
> -x -LL -h ldap.example.com -s base -b cn=people,dc=example,dc=com
> "(&)" objectClass
>
> Or maybe you edited the slapd.conf to add an objectClass index
> after loading a few entries? Then the already-added objects would
> not get indexed. If so, stop slapd, run slapindex and restart
> slapd. (OTOH if you use slapd.d/cn=config and modify the cn=config
> over the LDAP protocol, such reindexing happens automatically.)
>
> Or if the tree is really large and you have not indexed
> objectclass, maybe the search hit a time limit and didn't return
> everything. Then there should be an error message at the end of
> the ldapsearch output.
>
>> I know I'm obviously doing something stupid here, and again, I
>> apologize, but any assistance would be appreciated.
>
> Hey, relax. And show us your config, after deleting any passwords,
> if this doesn't help. It's hard to diagnose without guessing
> otherwise. Also show the exact command you used, and whether it
> said success or something else.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJSEAkNAAoJEH1iO/rgZIL9qxMIAJw7QAlL2ItJ3s3/2sNa5Vew
iypVvUsyiUcW2wD88qtj4N5jVMh5PTCJft0qvNhClpl58Dt9gm9tlBrVM4usnui8
TwtMK3riFhwwrtHFcv7dmbeueugoLyILc6gw2qqDJ91UPEYz7cQlK2ASeSPLgGn0
OyyV/GFQ3AYWLvZewqf1NinGlx9I0E3ztEEzIEz8l9Pno/B3zNjtLIrjTFO4fhQ/
i720Osm9c4pSihbtgQOfAtRbhz6uxWPESFAzcS/0n3hHscVpMBvYJOvsNtGb6vbp
Ts7GGzqALItKQPUZhN+szv8G5b4mga2KvhavXG0wMdQrF+0dP6YJ2i3cnDwuc6E=
=SO3n
-----END PGP SIGNATURE-----