On 08/28/10 12:41 AM, Stuart Cherrington wrote:
> Date: Fri, 27 Aug 2010 22:33:15 +1200
> From: ian(a)ianshome.com
>
> What are the searches being run (from your slapd.log)?
>
The ldap.log contains
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "" 0 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: 0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter: (objectClass=*)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: namingcontexts
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=0
matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
Aug 27 12:36:24 msldap01 slapd2.4[22363]: SRCH "dc=ldn,dc=sw,dc=com" 2 3
Aug 27 12:36:24 msldap01 slapd2.4[22363]: 0 30 0
Aug 27 12:36:24 msldap01 slapd2.4[22363]: filter:
(&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
Aug 27 12:36:24 msldap01 slapd2.4[22363]: attrs:
Aug 27 12:36:24 msldap01 slapd2.4[22363]:
Aug 27 12:36:24 msldap01 slapd2.4[22363]: send_ldap_result: err=32
matched="" text=""
Aug 27 12:36:24 msldap01 slapd2.4[22363]: connection_get(21)
So that one failed with LDAP_NO_SUCH_OBJECT (err=32).
Which balances out your next statement :-)
> Do the work?
>
> The first search '(&(objectClass=nisDomainObject)(nisDomain=your
> domain')) should return your nisDomain, the next the profile.
I think I got the query syntax correct on the query
[root@msldap01 ~]# ldapsearch2.4 -h 10.2.250.15 -D
cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com -w xxxxx-b
dc=ldn,dc=sw,dc=com
"(&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))"
Just -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
"(&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))" should match
the scripted search.
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (&(objectClass=nisDomainObject)(nisDomain=ldn.sw.com))
# requesting: ALL
#
#
ldn.sw.com
dn: dc=ldn,dc=sw,dc=com
and that one worked. Compare the log entry for the manual search with
the scripted one.
--
Ian.