Hello there,
I feel like spamming the list, but I now think it's a more and more OpenLDAP Server-related "problem" (for me it's not a feature ;) ).
http://bacedifo.blogspot.com/2009/09/server-side-sort-with-openldap2418.html
I could reproduce the problem on 2.4.20, but haven't been able to set up an older version to test that, yet.
Some ideas related to that? :/
Bye.
On Fri, Oct 15, 2010 at 15:28, Benjamin Griese der.darude@gmail.com wrote:
Hello guys,
I got a problem while pulling information with the native LDAP client on my various Solaris 10 machines from an openldap2-2.4.23-116.1. Maybe someone has any ideas, because I am at the end of mine. I don't know what to do in the further steps to solve the problem. The important information is below.
thanks for your help.
kind regards, benjamin.
=============================================================
on the solaris box:
Solaris profile pulled from the DIT, runs absolutely fine, but is maybe not perfect for OpenLDAP:
# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyuser,ou=system,ou=people,dc=example,dc=de
NS_LDAP_BINDPASSWD= secret
NS_LDAP_SERVERS= ldap01 ldap02
NS_LDAP_SEARCH_BASEDN= dc=example,dc=de
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 60
NS_LDAP_PROFILE= solaris_profile
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=SUDOers,dc=example,dc=de?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=people,dc=example,dc=de?sub
NS_LDAP_BIND_TIME= 10
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixGroup
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
NS_LDAP_OBJECTCLASSMAP= sudoers:sudoRole=sudoRole

# ldaplist passwd
ldaplist: Object not found (LDAP ERROR (18): Inappropriate matching.)

getent passwd/group don't show anything, but strangely, a single "id <username>" shows the user information I was expecting.
on sles11sp1/openldap2-2.4.23-116.1 (http://download.opensuse.org/repositories/network:/ldap:/OpenLDAP:/RE24/SLE_...)
That's what I see in the logs on the OpenLDAP server, right after typing "ldaplist passwd" on the Solaris box:
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=default,ou=pwdpolicy,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: result not in cache (userPassword)
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access to "cn=proxyuser,ou=system,ou=people,dc=example,dc=de" "userPassword" requested
Oct 15 14:37:33 examplehost slapd[8339]: => acl_get: [1] attr userPassword
Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: access to entry "cn=proxyuser,ou=system,ou=people,dc=example,dc=de", attr "userPassword" requested
Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: to value by "", (=0)
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=ldapadm,dc=example,dc=de
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=proxyuser,ou=system,ou=people,dc=example,dc=de ## just for testing purpose
Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: anonymous
Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] applying auth(=xd) (stop)
Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] mask: auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: => slap_access_allowed: auth access granted by auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access granted by auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 do_search: get_ctrls failed
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
That seems to be a problem with a supportedControl of the LDAP server which the Solaris LDAP client is unable to handle, because the local OpenLDAP client on the SLES server has absolutely no problem binding and getting infos. Is this kind of off-topic for this list?
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com....
says: 18 | LDAP_INAPPROPRIATE_MATCHING | Inappropriate matching | Filter type not supported for the specified attribute.
But I don't know what to do. This seems kind of related to this problem, maybe it's the same: http://markmail.org/message/dgtk3rpihvkqndqx#query:serverSort%20control%3A%2...
-- To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
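
Added example, not part of the original messages: the slapd log above interleaves ACL trace output with per-connection statistics lines, so the rejected serverSort request has to be tied back to its client and bind DN through the conn= id. The sketch below does that correlation; the function name and the sample log (constructed, modelled on the lines quoted in the post) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the slapd syslog lines quoted in the post.
SAMPLE_LOG = """\
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access granted by auth(=xd)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
"""

# Only statistics lines start with "conn=<id>"; ACL/backend trace lines do not.
CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+):\d+\s")
# The "mech=" form is logged once the bind has succeeded ("method=" is the request).
BIND = re.compile(r'BIND dn="([^"]*)" mech=\S+')
RESULT = re.compile(r"op=(\d+) (?:\w+ )?RESULT tag=\d+ err=(\d+)(?: nentries=\d+)? text=(.*)$")

def failed_operations(log_text):
    """Return one record per non-zero RESULT, joined to its connection's client and bind DN."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None})
    failures = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # trace output without a connection id
        cid, rest = int(m.group(1)), m.group(2)
        state = conns[cid]
        if a := ACCEPT.search(rest):
            state["client"] = a.group(1)
        elif b := BIND.search(rest):
            state["bind_dn"] = b.group(1)
        elif r := RESULT.search(rest):
            op, err, text = int(r.group(1)), int(r.group(2)), r.group(3).strip()
            if err != 0:
                failures.append({"conn": cid, "op": op, "err": err, "text": text, **state})
    return failures

if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print(f)
```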