Hallo Ulrich,
yes it was the equality missing. I'm new to the LDAP and just downloaded different schemas form the internet to fit the needed attributes. InetUser schema was making the troubles for me and I suspected that there is something wrong with it but I was lacking the knowledge.
There was not much in the logs that could help me: [04-05-2020 12:05:15] slapd debug conn=1050 op=13 SRCH base="ou=people,dc=gal,dc=example,dc=com" scope=2 deref=3 filter="(?inetUserStatus=active )" [04-05-2020 12:05:15] slapd debug conn=1050 op=13 SRCH attr=objectClass [04-05-2020 12:05:15] slapd debug conn=1050 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=
Danke und Gruss, Xaled
-----Original Message----- From: Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de Sent: Dienstag, 5. Mai 2020 08:05 To: openldap-technical@openldap.org; xaled@web.de Subject: Antw: [EXT] Can not find object by attribute value
xaled@web.de schrieb am 04.05.2020 um 23:10 in Nachricht
3418_1588627588_5EB08884_3418_88_1_1c5701d62258$69c28330$3d478990$@web.de:
Hi,
Could someone help me with this one? I have a user1 with inetUserStatus: active and user2 inetUserStatus: inactive. If I search for a user with a inetUserStatus=(in)active I don't get any results:
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=active)'
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=inactive)'
What is wrong with my search or slapd config?
If I search for a * as attribute value I get both users.
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=*)'
dn: uid=user2,ou=people,dc=gal,dc=example,dc=com
shadowWarning: 0
gidNumber: 100
shadowMax: 0
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW432UzRxYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
uid: user2
shadowLastChange: 0
cn: user2
homeDirectory: /home/user2
uidNumber: 1006
gecos: user2
inetUserStatus: inactive
dn: uid=user1,ou=people,dc=gal,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
cn: user1
uid: user1
uidNumber: 1005
gidNumber: 100
homeDirectory: /home/user1
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW1HU231xYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
inetUserStatus: active
gecos: user1
# ldapsearch ‑LLLQY EXTERNAL ‑H ldapi:/// ‑b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}ldapab,cn=schema,cn=config
dn: cn={5}openxchange,cn=schema,cn=config
dn: cn={6}evolutionperson,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
s# ldapsearch ‑LLLQY EXTERNAL ‑H ldapi:/// ‑o ldif‑wrap=no ‑b cn={7}inetUser,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {7}inetUser
olcAttributeTypes: {0}( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X‑ORIGIN 'Netscape Delegated Administrator' )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus'
DESC
'"active", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE‑VALUE X‑ORIGIN 'Netscape subscriber interoperability' )
There's no EQUALITY. Does slapd log any message when you try to compare?
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A users Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X‑ORIGIN 'Netscape subscriber interoperability' )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary class which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHTTPURL $ userPassword $ memberOf ) X‑ORIGIN 'Netscape subscriber interoperability' )
Thanks