xaled@web.de schrieb am 04.05.2020 um 23:10 in Nachricht
3418_1588627588_5EB08884_3418_88_1_1c5701d62258$69c28330$3d478990$@web.de:
Hi,
Could someone help me with this one? I have a user1 with inetUserStatus: active and user2 inetUserStatus: inactive. If I search for a user with a inetUserStatus=(in)active I don't get any results:
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=active)'
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=inactive)'
What is wrong with my search or slapd config?
If I search for a * as attribute value I get both users.
# ldapsearch ‑x ‑H ldap://127.0.0.1:389 ‑D 'cn=admin,dc=gal,dc=example,dc=com' ‑w secret ‑LLL ‑b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=*)'
dn: uid=user2,ou=people,dc=gal,dc=example,dc=com
shadowWarning: 0
gidNumber: 100
shadowMax: 0
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW432UzRxYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
uid: user2
shadowLastChange: 0
cn: user2
homeDirectory: /home/user2
uidNumber: 1006
gecos: user2
inetUserStatus: inactive
dn: uid=user1,ou=people,dc=gal,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
cn: user1
uid: user1
uidNumber: 1005
gidNumber: 100
homeDirectory: /home/user1
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW1HU231xYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
inetUserStatus: active
gecos: user1
# ldapsearch ‑LLLQY EXTERNAL ‑H ldapi:/// ‑b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}ldapab,cn=schema,cn=config
dn: cn={5}openxchange,cn=schema,cn=config
dn: cn={6}evolutionperson,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
s# ldapsearch ‑LLLQY EXTERNAL ‑H ldapi:/// ‑o ldif‑wrap=no ‑b cn={7}inetUser,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {7}inetUser
olcAttributeTypes: {0}( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X‑ORIGIN 'Netscape Delegated Administrator' )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus'
DESC
'"active", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE‑VALUE X‑ORIGIN 'Netscape subscriber interoperability' )
There's no EQUALITY. Does slapd log any message when you try to compare?
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A users Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X‑ORIGIN 'Netscape subscriber interoperability' )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary class which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHTTPURL $ userPassword $ memberOf ) X‑ORIGIN 'Netscape subscriber interoperability' )
Thanks