Hello,
I post the operation with debug level "-1". I can read out an error with the indexed DB dn2id, the suffix is called "cn=intern,dc=de" and in the logs there is an entry "c=intern,dc=de". For testing the server is contacted by the manager account.
[..]
[ID 198467 local4.debug] >>> dnPrettyNormal: <cn=alias,ou=Groups,dc=extern,dc=de> [ID 538834 local4.debug] daemon: select: listen=7 active_threads=0 tvp=NULL [ID 147344 local4.debug] <<< dnPrettyNormal: <cn=alias,ou=Groups,dc=extern,dc=de>, <cn=alias,ou=groups,dc=extern,dc=de> [ID 538834 local4.debug] daemon: select: listen=8 active_threads=0 tvp=NULL [ID 829381 local4.debug] SRCH "cn=alias,ou=Groups,dc=extern,dc=de" 2 3 [ID 998714 local4.debug] 0 0 0 [ID 119476 local4.debug] begin get_filter [ID 873669 local4.debug] PRESENT [ID 274773 local4.debug] end get_filter 0 [ID 141783 local4.debug] filter: (cn=*) [ID 503656 local4.debug] attrs: [ID 100000 local4.debug] [ID 469902 local4.debug] conn=1389 op=1 SRCH base="cn=alias,ou=Groups,dc=extern,dc=de" scope=2 deref=3 filter="(cn=*)" [ID 325447 local4.debug] => bdb_search [ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=extern,dc=de") [ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=intern,dc=de") [ID 603319 local4.debug] => bdb_dn2id("c=intern,dc=de") [ID 433641 local4.debug] <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988) [ID 923158 local4.debug] => access_allowed: disclose access to "cn=alias,ou=Groups,dc=extern,dc=de" "entry" requested [ID 592946 local4.debug] <= root access granted [ID 384072 local4.debug] => access_allowed: disclose access granted by manage(=mwrscxd) [ID 131099 local4.debug] send_ldap_result: conn=1389 op=1 p=3 [ID 291653 local4.debug] send_ldap_result: err=33 matched="cn=alias,ou=Groups,dc=extern,dc=de" text="aliasedObject not found" [ID 324658 local4.debug] send_ldap_response: msgid=2 tag=101 err=33 [ID 832699 local4.debug] conn=1389 op=1 SEARCH RESULT tag=101 err=33 nentries=0 text=aliasedObject not found [ID 601841 local4.debug] daemon: activity on 1 descriptor [ID 802679 local4.debug] daemon: activity on: [ID 522297 local4.debug] 31r
[..]
This will pick up the group account: ldapsearch -x -h ldap.intern.de -b "cn=alias,ou=Groups,dc=intern,dc=de" '(cn=*)'
thanks, Andreas
Dieter Kluenter schrieb:
Andreas Schoe andi@gfz-potsdam.de writes:
Hello list,
I have some problems with alias Objects. I have setup an internal and an external tree. Some group accounts have to point from the external suffix to the internal one.
[...]
ldapsearch -h ldap -x -a find -b "ou=Groups,dc=extern,dc=de"
search: 2 result: 33 Alias problem matchedDN: alias,ou=Groups,dc=gfz-extern,dc=de text: aliasedObject not found
[...]
Please check your access rules for ou=groups,dc=intern,dc=de you may run slapd in debugging mode acl (32) to analyse parsing of the rules set.
-Dieter