Armando Martins wrote:
Hi,
I'm trying to sync a active directory with a openldap and for update the entries i use the objectsid binary attribute of the active directory as the link attribute between the two directories.
I'm having an issue with the binary data inserted in a octetstring attribute. There is no problem to insert the data in the attribute. but when i request the attribute there is no entries returned. Howerver, when i do the same request in active directory it returns me the right answer.
Here is my attribute specification in openldap :
attributetype ( 1.3.6.1.4.1.31631.1.1.2.1.1 NAME 'binarysid' DESC 'binary object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
and here is the data inserted in this attribute :
binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
if i request my openldap with this filter :
filter="(&(objectClass=inetOrgPerson)(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
No answer is returned, but when i request the active directory with this filter :
filter="(&(objectClass=user)(objectsid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
He returns me the right answer...
Do i have a problem with my attribute in openldap?
if someone could help me, I will really appreciate.
You did not add an EQUALITY matching rule to your attribute type description.
Ciao, Michael.