robb@wtg.cw.com wrote:

an ldapsearch like this works

ldapsearch -x -b "dc=sql,dc=example,dc=org" "cn=Robert Brooks" cn

dn: uid=robb@example.org,dc=sql,dc=example,dc=org cn: Robert Brooks

# search result search: 2 result: 0 Success

# numResponses: 2 # numEntries: 1

however this does not:

ldapsearch -x -b "dc=sql,dc=example,dc=org" "cn=Robert Brooks" dn cn

# search result search: 2 result: 65 Object class violation

# numResponses:

I'll note that unless you defined it yourself, "dn" is not a valid attribute name. I suspect your back-sql meta-data generates an entry that doesn't pass schema checking, otherwise I don't see a chance for that error to be reported.

In any case, since the behavior you report is very data and meta-data dependent, you don't provide enough info for debugging, and at a very first glance this is not indicative of a software bug.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------