While trying to debug my problems with authentication I discovered the problem was with searching the LDAP entries.

If I search my database by the CN field I get this output:

    ldapsearch -D "cn=manager,dc=example,dc=com" -x -W "cn=myuser"

    # myuser, Users, example.com
    dn: uid=myuser,o=Users,dc=example,dc=com
    uid: myuser
    cn: myUser
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    shadowLastChange: 13789
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 10002
    gidNumber: 10001
    homeDirectory: /home/ldap/john
    gecos: myUser (LDAP)
    userPassword:: <stuff>


It seems pretty normal to me and working. However, if I try to search with “uid=myuser” nothing is returned.

What is more, if I instead search with “uid=myuser*” the entry is returned successfully, which tells me that somewhere in the LDAP structure I probably have a problem with strange characters. Is there a way to efficiently correct this or do I have to import everything again?

Of course, I could be wrong in my assumption… anything else that could be causing this behaviour besides strange “invisible” characters in the UID field?

Thank you,

Nuno
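
One way to test the "invisible characters" assumption from the post above, as an added example that is not part of the original message: decode saved ldapsearch LDIF output and flag uid values that carry stray whitespace or control/format characters. LDIF (RFC 2849) base64-encodes such values and marks them with "::", so they have to be decoded before they can be inspected. The function names and the sample entries are assumptions constructed for the illustration.

```python
import base64
import unicodedata

def parse_ldif(text):
    """Yield (dn, attr, value) from ldapsearch LDIF output, decoding '::' values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        if line.startswith("#") or ":" not in line:
            continue                          # comment or blank separator
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:                                 # 'attr: <plain value>'
            value = rest.lstrip(" ")
        if attr.lower() == "dn":
            dn = value
        else:
            yield dn, attr, value

def suspect_reasons(value):
    """Describe invisible or stray characters found in the value."""
    reasons = []
    if value != value.strip():
        reasons.append("leading/trailing whitespace")
    for ch in value:
        if unicodedata.category(ch) in ("Cc", "Cf") or (ch.isspace() and ch != " "):
            reasons.append(f"U+{ord(ch):04X} {unicodedata.name(ch, 'unnamed control')}")
    return reasons

def find_suspects(ldif_text, attrs=("uid",)):
    """Return (dn, attr, repr(value), reasons) for every flagged value."""
    hits = []
    for dn, attr, value in parse_ldif(ldif_text):
        reasons = suspect_reasons(value) if attr.lower() in attrs else []
        if reasons:
            hits.append((dn, attr, repr(value), reasons))
    return hits

def _b64(s):
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

# Constructed sample entries (not from the original post).
SAMPLE_LDIF = "\n".join([
    "dn: cn=clean,o=Users,dc=example,dc=com", "uid: myuser", "",
    "dn: cn=trailing,o=Users,dc=example,dc=com", "uid:: " + _b64("myuser "), "",
    "dn: cn=zerowidth,o=Users,dc=example,dc=com", "uid:: " + _b64("my\u200buser"), "",
])
```

Calling find_suspects() on the text of a saved ldapsearch run returns an empty list when every uid value is clean, which points away from invisible characters as the cause.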