On 2014-05-16 11:33, Ryan Tandy wrote:
On Fri, May 16, 2014 at 7:13 AM, Tuc ml@t-b-o-h.net wrote:
We're having an issue with a slightly older version of openldap. (2.4.23-26 on CentOS). Using Apache Directory Studio I do a search:
"(objectclass=person)" on a search base of "ou=People,dc=example,dc=com"
This should be the easiest and simplest search in the world. However, I get entries like:

dn: uid=PLACEHOLDER_example_agent,ou=People,dc=example,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
cn: PLACEHOLDER_example agent
gidNumber: 100
homeDirectory: /home/example_agent
sn: agent
uid: PLACEHOLDER_example_agent
uidNumber: 621
givenName: example
loginShell: /bin/bash
userPassword:: DELETED

and

dn: uid=BDTestUser,ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: BD
sn: User
displayName: BD User
givenName: BD
mail: seo@example.com
mobile: +1 1111111111
ou: Sales
telephoneNumber: +1 222222222
title: BD Sample User
uid: BDTestUser
userPassword:: DELETED

Where am I going wrong?
organizationalPerson is a subclass of person, and inetOrgPerson is a subclass of organizationalPerson, so the entries above implicitly have the person objectClass. Have a look through the schema files.
Is there some way I can modify the query to only get ones that would look like:

dn: uid=tuc,ou=People,dc=example,dc=com
objectClass: radiusprofile
objectClass: pwmUser
objectClass: top
VVVVVVVVVVVVVVVVVVV
objectClass: person
^^^^^^^^^^^^^^^^^^^
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: DELETED
gidNumber: 100
homeDirectory: /home/tuc
sn: DELETED
uid: tuc
uidNumber: DELETED
dialupAccess: TRUE
displayName: DELETED
givenName: DELETED
loginShell: /bin/bash
mail: tuc@example.com
mobile: +1 DEL ETE D!!!
ou: Tech
telephoneNumber: +1 DEL ETE D!!!
title: Network Janitor
userPassword:: DELETED
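
The inheritance described in the reply above, modelled as an added example that is not part of the original thread: it shows why all three entries match `person` and, as an assumption not proposed by anyone in the thread, a client-side pass over the returned LDIF that keeps only entries listing `person` explicitly. The helper names are hypothetical.

```python
# Added illustration, not code from the thread.
# Superclass (SUP) links as defined in the standard core, inetorgperson and
# nis schema files; names are lowercased because LDAP compares them that way.
SUP = {"top": None, "person": "top", "organizationalperson": "person",
       "inetorgperson": "organizationalperson", "posixaccount": "top"}

# Constructed sample: the thread's three entries, trimmed to dn and objectClass.
LDIF = """\
dn: uid=PLACEHOLDER_example_agent,ou=People,dc=example,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson

dn: uid=BDTestUser,ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson

dn: uid=tuc,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
"""

def parse_ldif(text):
    """Parse simple, unwrapped LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def effective_classes(entry):
    """Listed objectClass values plus every superclass they inherit from."""
    seen = set()
    for name in (v.lower() for v in entry.get("objectclass", [])):
        while name and name not in seen:
            seen.add(name)
            name = SUP.get(name)  # classes missing from SUP end the walk
    return seen

def inherited_match(entries, oc):
    """DNs matching oc when subclasses count, as in the search results."""
    return [e["dn"][0] for e in entries if oc.lower() in effective_classes(e)]

def explicit_match(entries, oc):
    """DNs whose objectClass values literally include oc (client-side)."""
    return [e["dn"][0] for e in entries
            if oc.lower() in (v.lower() for v in e.get("objectclass", []))]

ENTRIES = parse_ldif(LDIF)
```
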