Hey folks,
While researching another problem, I noticed that even on successful searches (e.g., entries returned that match the filters I set), I see the following in the logs:
Apr 23 12:45:11 ldapmaster slapd[30294]: send_ldap_result: err=0 matched="" text=""
It almost looks to me like it's saying didn't match anything, when in fact it does return entries. I tried looking through the man pages for an explanation, but didn't find one. If anyone could point me to said documentation, or explain how the above message is supposed to be interpreted given the context of the situation, I'd be much obliged.
Thanks, Ryan
Ryan Steele wrote:
Hey folks,
While researching another problem, I noticed that even on successful searches (e.g., entries returned that match the filters I set), I see the following in the logs:
Apr 23 12:45:11 ldapmaster slapd[30294]: send_ldap_result: err=0 matched="" text=""
It almost looks to me like it's saying didn't match anything, when in fact it does return entries. I tried looking through the man pages for an explanation, but didn't find one. If anyone could point me to said documentation, or explain how the above message is supposed to be interpreted given the context of the situation, I'd be much obliged.
"matched" is a field of the LDAP result message as specified in RFC4511, section 4.1.9. That log indicates that the "matched" field is empty.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Pierangelo Masarati wrote:
Ryan Steele wrote:
Hey folks,
While researching another problem, I noticed that even on successful searches (e.g., entries returned that match the filters I set), I see the following in the logs:
Apr 23 12:45:11 ldapmaster slapd[30294]: send_ldap_result: err=0 matched="" text=""
It almost looks to me like it's saying didn't match anything, when in fact it does return entries. I tried looking through the man pages for an explanation, but didn't find one. If anyone could point me to said documentation, or explain how the above message is supposed to be interpreted given the context of the situation, I'd be much obliged.
"matched" is a field of the LDAP result message as specified in RFC4511, section 4.1.9. That log indicates that the "matched" field is empty.
p.
I see no "matched" field defined in that RFC, only "matchedDN". For that matter, I don't see "text" either, but I do see "diagnosticMessage". Are these each respectively equivalent? The RFC also says "For certain result codes (typically, but not restricted to noSuchObject, aliasProblem, invalidDNSyntax, and aliasDereferencingProblem), the matchedDN field is set (subject to access controls) to the name of the last entry (object or alias) used in finding the target (or base) object...", so I'm guessing since it's empty for me on a successful search, result code 0 is not among those?
Thanks!
Ryan
Ryan Steele writes:
I see no "matched" field defined in that RFC, only "matchedDN". For that matter, I don't see "text" either, but I do see "diagnosticMessage". Are these each respectively equivalent?
Yes.
The RFC also says "For certain result codes (typically, but not restricted to noSuchObject, aliasProblem, invalidDNSyntax, and aliasDereferencingProblem), the matchedDN field is set (subject to access controls) to the name of the last entry (object or alias) used in finding the target (or base) object...", so I'm guessing since it's empty for me on a successful search, result code 0 is not among those?
Right. Result code 0 is success. The matchedDN and diagnosticMessage fields are normally used as supplementary information for error result codes. E.g. with result code noSuchObject, matchedDN may be set to the DN of the closest (grand...)parent which does exist.
openldap-software@openldap.org
-
Hallvard B Furuseth -
Pierangelo Masarati -
Ryan Steele