Full_Name: George Tzanetis
Version: 2.4.23 stable
OS: Red Hat Enterprise 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.169.213.126)

It seems that when using slapd-ndb the filters in ldapsearches only work if they are substrings, i.e. *text or text* or te*xt, for attributes that are not defined as indices. If the attribute is defined as an index then the substring filter does not work, as indicated in the manual.
The slapd.conf is as follows:

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

#######################################################################
# NDB database definitions
#######################################################################
#NDB database definitions
database ndb
suffix "dc=example,dc=gr"
rootdn "cn=root,dc=example,dc=gr"
rootpw secret
dbconnect 192.168.6.11
dbhost 192.168.6.12
dbport 3306
dbname openldap
dbuser ldapUser
dbpass "1234"
dbconnections 3
dbsocket /tmp/mysql.sock

attrblob description
index uid

#######################################################################
# Monitor Database definitions
#######################################################################
database monitor

loglevel 5

The ldif of an ou:

version: 1

dn: ou=test,dc=example,dc=gr
objectClass: top
objectClass: organizationalUnit
ou: test

dn: uid=user1,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user1
gidNumber: -1
givenName: user1
homeDirectory: *
sn: user1
uid: user1
uidNumber: -1
userPassword:: 1234

dn: uid=user2,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user2
gidNumber: -1
givenName: user2
homeDirectory: *
sn: user2
uid: user2
uidNumber: -1
userPassword:: 1234

dn: uid=user3,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user3
gidNumber: -1
givenName: user3
homeDirectory: *
sn: user3
uid: user3
uidNumber: -1
userPassword:: 1234

dn: uid=user4,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user4
gidNumber: -1
givenName: user4
homeDirectory: *
sn: user4
uid: user4
uidNumber: -1
userPassword:: 1234

The ldapsearch queries:

-search with specific cn inside the ou:
---------------------------------------------------------------------
ldapsearch -h 192.168.132.177 -b 'ou=test,dc=example,dc=gr' -D "cn=root,dc=example,dc=gr" -L -w 'secret' "cn=user1"
version: 1

#
# LDAPv3
# base <ou=test,dc=example,dc=gr> with scope subtree
# filter: cn=user1
# requesting: ALL
#

# search result

# numResponses: 1
---------------------------------------------------------------------

No result
but if we search the cn as a substring:

---------------------------------------------------------------------
ldapsearch -h 192.168.132.177 -b 'ou=test,dc=example,dc=gr' -D "cn=root,dc=example,dc=gr" -L -w 'secret1' "cn=user1*"
version: 1

#
# LDAPv3
# base <ou=test,dc=example,dc=gr> with scope subtree
# filter: cn=user1*
# requesting: ALL
#

# user1@test, test, example.gr
dn: uid=user1@test,ou=test,dc=example,dc=gr
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword:: 1234
sn: user1
cn: user1
uid: user1@test
givenName: user1
uidNumber: -1
gidNumber: -1
homeDirectory: *

# search result

# numResponses: 2
# numEntries: 1
---------------------------------------------------------------------

Any substring will give a result, i.e. cn=*user1, cn=user1*, cn=us*er1, etc.
If we search for cn=user*, it will display all entries of the ou as expected.
The same behavior exists if we filter using any other attribute with the exception of the objectClass attribute, or with the uid attribute which is indexed.
Is this normal?
Thank you,
George