On Thursday 18 December 2008 01:24:11 Pierangelo Masarati wrote:
Matt Kowske wrote:
Thank you. Could you provide an example of this functionality with ldapsearch?
ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b "CN=Users,DC=domain,DC=com" -D "CN=Matt Kowske,CN=Users,DC=domain,DC=com" -W "samaccountname=mkowske"
Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3)
This is ldap version 2.4.11. I (tried) to look at the code, and found the section of code in common.c where it is erroring out, but couldn't determine much beyond that. Why is the above not being recognized as a DN? It should not be parsed as a URI according to the man page.
The man page says: "if no host/port is specified, but a DN is...". It means that:
you must provide a(n RFC 45) LDAP URI
it must contain no host/port
it must contain a DN
yours is not a LDAP URI. Try something like "ldap:///dc=domain,dc=com".
The 2.4 client tools have been modified to support this feature. However, they use libldap to perform this. See clients/tools/common.c, the calls to ldap_dn2domain(3) and ldap_domain2hostlist(3) (I don't think they actually have a man page...). Those calls are available in libldap since 2.0, I believe, in 2000.
Is there a reason this isn't implemented in the library? As far as I understand, at present only the OpenLDAP utilities will work with this URI, while if it were implemented in the library, other LDAP clients using the OpenLDAP library which don't already support a similar feature (sudo is the best example I can think of in this case, though various other desktop software could benefit) would get it for free?
(nss_ldap has its own implementation of this feature, but the configuration is different and probably not compatible with sudo if sudo uses the nss_ldap configuration file).
Regards, Buchan
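As an added example (my own, not code from this thread or from OpenLDAP), the resolution path the thread describes, done in Python with a constructed SRV table standing in for DNS: check that the string is a host-less LDAP URI, turn the DN into a DNS domain the way ldap_dn2domain(3) does, and build the host list the way ldap_domain2hostlist(3) does. FAKE_SRV, uri_to_dn, dn2domain, domain2hostlist and resolve are names I chose.

```python
from urllib.parse import urlparse, unquote

# Constructed SRV answers for _ldap._tcp.<domain>: (priority, weight, port, target)
FAKE_SRV = {
    "domain.com": [(10, 50, 389, "dc2.domain.com"), (0, 100, 389, "dc1.domain.com")],
}

def uri_to_dn(uri):
    """Return the base DN of a host-less LDAP URI, or None when the string is
    not an LDAP URI at all or carries a host/port (the man page's condition).
    A bare "dc%3Ddomain%2Cdc%3Dcom" has no scheme, so it is rejected here."""
    u = urlparse(uri)
    if u.scheme not in ("ldap", "ldaps") or u.netloc:
        return None
    dn = unquote(u.path.lstrip("/"))
    return dn or None

def dn2domain(dn):
    """RFC 2247 style DN -> DNS domain: join the root-most run of single-valued
    dc= RDNs; any other RDN closer to the root restarts the run.  That this
    matches libldap's reset behaviour is my assumption.  Splitting on ","
    ignores escaped commas, a simplification for the example."""
    labels = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if "+" in rdn:          # multi-valued RDN is not a domain component
            labels = []
            continue
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip())
        else:
            labels = []
    return ".".join(labels) if labels else None

def domain2hostlist(domain, srv=FAKE_SRV):
    """Space-separated "host:port" list from SRV records: lowest priority
    first, heavier weight first within a priority (a deterministic stand-in
    for the weighted random pick a real resolver performs)."""
    records = sorted(srv.get(domain, []), key=lambda r: (r[0], -r[1]))
    return " ".join(f"{target}:{port}" for _, _, port, target in records)

def resolve(uri):
    """End to end: URI -> DN -> domain -> host list, None if any step fails."""
    dn = uri_to_dn(uri)
    domain = dn2domain(dn) if dn else None
    return domain2hostlist(domain) if domain else None

if __name__ == "__main__":
    for candidate in ("dc%3Ddomain%2Cdc%3Dcom", "ldap:///dc=domain,dc=com"):
        print(candidate, "->", resolve(candidate))
```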