Stuart Cherrington wrote:
OK - so I tried
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
# extended LDIF
#
# LDAPv3
# base <dc=ldn,dc=sw,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
What I don't understand is 'which' object is missing?
Hi Stuart,
AIUI from reading above then the following LDAP search works:
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com' -D 'cn=proxyagent,ou=profile,dc=ldn,dc=sw,dc=com'
whereas the following doesn't:
ldapsearch2.4 -h 10.2.250.15 -x -b 'dc=ldn,dc=sw,dc=com'
Since it appears to fail when not specifying a bind DN with -D, this suggests to me that you have an ACL on 'dc=ldn,dc=sw,dc=com' which does not allow access to that part of the tree for anonymous binds - hence the "No such object" message.
For security reasons, we tend to disable anonymous binds on all our installations; however it seems as if the Solaris libraries require anonymous access to the 'cn=default,ou=profile...' part of the tree before they will rebind using proxyDN.
HTH,
Mark.
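
An added example, not part of the thread: one way to reconcile the two points in the reply above, assuming the directory server is OpenLDAP slapd configured through slapd.conf (the thread does not say which server is in use). The ACLs keep anonymous binds out of the data while leaving ou=profile readable, so a Solaris client can fetch its profile before rebinding as the proxy DN. slapd applies the first `access to` clause that matches, so the order below matters.

```conf
# slapd.conf ACL sketch (assumption: OpenLDAP slapd; DNs taken from the thread).

# 1. Password hashes first, so the ou=profile rule below never exposes the
#    proxyagent's userPassword. "auth" lets slapd compare the password
#    during a simple bind without making it readable.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. The profile subtree stays readable without a bind DN, which is what
#    the Solaris client needs before it can rebind as the proxy agent.
access to dn.subtree="ou=profile,dc=ldn,dc=sw,dc=com"
    by * read

# 3. Everything else under the suffix: authenticated identities (including
#    cn=proxyagent) may read; anonymous may only authenticate.
access to dn.subtree="dc=ldn,dc=sw,dc=com"
    by users read
    by anonymous auth
    by * none
```

With rules like these, repeating the two ldapsearch commands from the thread with `-b 'ou=profile,dc=ldn,dc=sw,dc=com'` and then with the full suffix shows which parts of the tree an anonymous bind can still see.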