On Nov 8, 2007, at 5:50 AM, Amir Saad wrote:
Nov 8 15:45:29 machine1 slapd[2004]: SRCH "ou=Group,dc=mydomain,dc=com" 2 0 Nov 8 15:45:29 machine1 slapd[2004]: 0 0 0 Nov 8 15:45:29 machine1 slapd[2004]: filter: (objectClass=*) Nov 8 15:45:29 machine1 slapd[2004]: attrs: Nov 8 15:45:29 machine1 slapd[2004]: Nov 8 15:45:29 machine1 slapd[2004]: bdb_idl_fetch_key: @ou=group,dc=mydomain,dc=com Nov 8 15:45:29 machine1 slapd[2004]: connection_get(10) Nov 8 15:45:29 machine1 slapd[2004]: connection_get(10) Nov 8 15:45:29 machine1 slapd[2004]: send_ldap_result: err=0 matched="" text="" Nov 8 15:45:29 machine1 slapd[2004]: connection_get(10)
When I run ldapsearch -Y GSSAPI -b 'ou=group,dc=mydomain,dc=com' I get many records, what is wrong?
Likely a difference in the client's authorization. That is, here you appear to be doing SASL/GSSAPI authentication. Maybe the client did an anonymous search, or binding as some other entity. Suggest you examine the logs of the Bind operation.
(note that discussion of the particulars of NSS/LDAP is off topic here.
-- Kurt