extended / extensible search / in 2.3.38 ends with error code 34 invalid DN syntax [Virus checked]
Hello,
we use OpenLdap 2.3.38 on Solaris 10 (note we run openldap on high-Port, so ldap can run as a "normal" user, without root-rights)
While the uid is not case-sensitiv, i want to search with an extensible search (e.g. in RFC 2254 desribed), in the hope that Apache this also can in the AuthLdapUrl Directive. But first, i try from console with ldapsearch
But this ends with an Error-Code 34 invalid DN syntax
Whats wrong ? Do extended search work correct in openldap, or whats the Error ?
First,when i try a "normal" search like this, it works fine .. an extended not
1. ldapsearch -H ldap://10.11.12.15:2389 -x -b uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de 2. ldapsearch -H ldap://10.11.12.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
Response from 1.
# extended LDIF # # LDAPv3 # base <uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# u4711, SI, Benutzer, sparkassen-informatik.de dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de cn: u4711 destinationIndicator: 100100,4600,, st: 6 objectClass: person objectClass: uidObject objectClass: organizationalPerson l: alle sn: User von K.H. Ostertag
# search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
But now, when i use extensible Search like this, i got an error 34 invalid DN syntax. .....uid:caseExactMatch:u4711....
ldapsearch -H ldap://10.1.23.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
# extended LDIF # # LDAPv3 # base uid:caseExactMatch:=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 34 Invalid DN syntax text: invalid DN
# numResponses: 1
And here is the Entry in LDIF-Format for this Test-User
dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de cn: u4711 uid: u4711 description: ServiceView-Nutzer userPassword:: e2NyedsfWERWER1Nk1Sd2VldzlnOC4= destinationIndicator: 100100,4600,, st: 6 street: 1146137613 objectClass: person objectClass: uidObject objectClass: organizationalPerson structuralObjectClass: organizationalPerson entryUUID: 676dba36-6a2d-102a-99f4-a3736da85288 creatorsName: cn=Manager,dc=sparkassen-informatik,dc=de createTimestamp: 20060427113433Z l: alle sn: Test-User von K.H. Ostertag entryCSN: 20060530041127Z#000001#00#000000 modifiersName: cn=Manager,dc=sparkassen-informatik,dc=de modifyTimestamp: 20060530041137Z
ems@sparkassen-informatik.de writes:
Hello,
we use OpenLdap 2.3.38 on Solaris 10 (note we run openldap on high-Port, so ldap can run as a "normal" user, without root-rights)
While the uid is not case-sensitiv, i want to search with an extensible search (e.g. in RFC 2254 desribed), in the hope that Apache this also can in the AuthLdapUrl Directive. But first, i try from console with ldapsearch
But this ends with an Error-Code 34 invalid DN syntax
Whats wrong ? Do extended search work correct in openldap, or whats the Error ?
First,when i try a "normal" search like this, it works fine .. an extended not
- ldapsearch -H ldap://10.11.12.15:2389 -x -b uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
- ldapsearch -H ldap://10.11.12.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc
=de
Response from 1.
# extended LDIF # # LDAPv3 # base <uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# u4711, SI, Benutzer, sparkassen-informatik.de
F> dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
cn: u4711 destinationIndicator: 100100,4600,, st: 6 objectClass: person objectClass: uidObject objectClass: organizationalPerson l: alle sn: User von K.H. Ostertag
# search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
But now, when i use extensible Search like this, i got an error 34 invalid DN syntax. .....uid:caseExactMatch:u4711....
ldapsearch -H ldap://10.1.23.15:3389 -x -b uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
# extended LDIF # # LDAPv3 # base uid:caseExactMatch:=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de with scope subtree # filter: (objectclass=*) # requesting: ALL #
# search result search: 2 result: 34 Invalid DN syntax text: invalid DN
Your search base is wrong. Extensible search defines a search filter, not a search base. ldapsearch -x -b "ou=SI,ou=Benutzer,..." -s one "uid:caseExactmatch:=u4711"
will do the trick.
-Dieter
openldap-software@openldap.org
-
Dieter Kluenter -
ems@Sparkassen-Informatik.de