Andreas Schoe andi@gfz-potsdam.de writes:
Hello,
I post the operation with debug level "-1". I can read out an error with the indexed DB dn2id, the suffix is called "cn=intern,dc=de" and in the logs there is an entry "c=intern,dc=de". For testing the server is contacted by the manager account.
A search with rootdn disables all access rules, and slapd -d acl would have shown acl parsing. But anyhow...
base="cn=alias,ou=Groups,dc=extern,dc=de" scope=2 deref=3 filter="(cn=*)"
[ID 325447 local4.debug] => bdb_search
[ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=extern,dc=de")
[ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=intern,dc=de")
[ID 603319 local4.debug] => bdb_dn2id("c=intern,dc=de")
[ID 433641 local4.debug] <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
[ID 923158 local4.debug] => access_allowed: disclose access to "cn=alias,ou=Groups,dc=extern,dc=de" "entry" requested
[ID 592946 local4.debug] <= root access granted
[ID 384072 local4.debug] => access_allowed: disclose access granted by manage(=mwrscxd)
[ID 131099 local4.debug] send_ldap_result: conn=1389 op=1 p=3
[ID 291653 local4.debug] send_ldap_result: err=33 matched="cn=alias,ou=Groups,dc=extern,dc=de" text="aliasedObject not found"
[ID 324658 local4.debug] send_ldap_response: msgid=2 tag=101 err=33
[ID 832699 local4.debug] conn=1389 op=1 SEARCH RESULT tag=101 err=33 nentries=0 text=aliasedObject not found
The result is quite clear, the object ou=groups,dc=intern,dc=de does not exist within the server's naming context. [...]
This will pick up the group account:
ldapsearch -x -h ldap.intern.de -b "cn=alias,ou=Groups,dc=intern,dc=de" '(cn=*)'
It seems that you either connect to a different host or to a different search base. In both cases you cannot dereference an alias, you should probably create referrals.
-Dieter
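
An added example, not part of the original message or of OpenLDAP: a pre-check for the condition described in the reply, namely whether an alias target DN lies in the same naming context as the alias entry. The function names, the status strings and the suffix lists passed in are assumptions made for illustration; DN comparison is simplified to case-insensitive matching of each RDN.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas; lower-case and trim each RDN."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return rdns


def holding_context(dn, naming_contexts):
    """Return the longest configured suffix that contains dn, or None."""
    rdns = split_rdns(dn)
    best, best_len = None, 0
    for ctx in naming_contexts:
        suffix = split_rdns(ctx)
        if len(suffix) <= len(rdns) and rdns[-len(suffix):] == suffix:
            if len(suffix) > best_len:
                best, best_len = ctx, len(suffix)
    return best


def check_alias(alias_dn, target_dn, naming_contexts):
    """Classify an alias by where its target lives relative to the alias.

    not_local:         alias or target is under no suffix this server holds
    different_context: both are held locally, but under different suffixes
    same_context:      target is under the same suffix as the alias
    """
    alias_ctx = holding_context(alias_dn, naming_contexts)
    target_ctx = holding_context(target_dn, naming_contexts)
    if alias_ctx is None or target_ctx is None:
        return "not_local"
    if split_rdns(alias_ctx) != split_rdns(target_ctx):
        return "different_context"
    return "same_context"
```

With the two DNs from the log and a constructed suffix list containing only "dc=extern,dc=de", check_alias returns "not_local", the case for which the reply suggests referrals instead of an alias.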