On the 24th of August, at 15:20, Marius Flage wrote:
How does OpenLDAP behave when it encounters a search filter with an unknown objectClass? From what I've been able to gather, it translates the search filter into (?objectClass=value), thus yielding the rest of the search invalid. What can I do about this? Either just pass the search as it is, or remove it altogether?
I have of course come to another - better - conclusion now. OpenLDAP doesn't alter the search filters, instead it just "tags" them in the logfiles when it encounters some unknown object classes. But the underlaying problem is still the same - I get no entries back from OpenLDAP when I include the two unknown object classes in the search.
Some intensive googling has revealed that accessGroup is an object class from IBM's SecureWay Directory Server and that univentionGroup is from Univention Groups Directory Server [1].
I'm sure if I'm able to get hold of the schemas for these two directory servers, that I'll be able to make the search valid, but so far I've found nothing when searching on the respective sites - and don't get me started on IBM's webpages.
So what can I do then? As I said this is a 3rd party application (actually a Zope application that uses LDAPUserFolder), so it's not really feasible to start hacking at that to get this working. Is there a way to rewrite the object classes or maybe just get OpenLDAP to ignore the unknown object classes when searching? Or, even better, does anyone have the correct schema declarations laying around?
Hopefully my last email to the mailing list about this for now - the next entry is up to you! :)
- Marius