I'm facing a weird problem with ldapsearch on our company's CentOS OpenLDAP server (CentOS 5.5, OpenLDAP 2.3.43-12.el5). Our DIT is as follows:
o=company_name,c=country,ou=branch,ou=pool
Within that pool are all users of that particular branch office. With some of those, ldapsearch does not return a result when the search base is o=company_name but does return one starting with c=country,o=company_name:
martin/linux2$ ldapsearch -x -h icld -b c=de,o=company_name uid | grep dn | grep s_sarwar
dn: uid=s_sarwar,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$ ldapsearch -x -h icld -b o=company_name uid | grep dn | grep s_sarwar
martin/linux2$
With other users within that same branch it works as expected:
martin/linux2$ ldapsearch -x -h icld -b c=de,o=company_name uid | grep dn | grep t_ceylan
dn: uid=t_ceylan,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$ ldapsearch -x -h icld -b o=company_name uid | grep dn | grep t_ceylan
dn: uid=t_ceylan,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$
It does work for s_sarwar when I use the admin account to bind in ldapsearch, but my understanding is that it should work without it as well. We have no roles, no ACLs, no encryption, no nothing on that server. Simple authentication, nothing complicated.
Any ideas?
Martin