Hi!
I guess it depends on your objectClass: For a posixAccount you might have a DN like uid=testuser,… If your users are named cn=testuser instead the search criteria may be different. Also you don’t mean uidNumber, right?
As Quanah suggested, provide one sample record at least. Another reason for failure could be a lack of permissions to search for the attribute.
Regards, Ulrich
From: tmp 2810 t2810mp@gmail.com
Sent: Wednesday, November 6, 2024 2:24 PM
To: openldap-technical@openldap.org
Subject: [EXT] Trouble with UID Filter in OpenLDAP (slapd meta): Missing Schema or Configuration Issue?
Hi! I think I'm finally able to configure slapd with a meta backend, but I'm experiencing a strange issue when I perform a search with ldapsearch and try to filter by uid. If I use "uid=user" it doesn't work, but if I use "cn=user" it does work, and I need the searches to be by uid.
I understand this could be related to the schemas I’m loading, but I thought uid was a standard attribute already loaded in core.schema.
Just in case, I'm using Debian 12, and these are the schemas available:
collective.schema corba.schema core.schema cosine.schema dsee.schema duaconf.schema dyngroup.schema inetorgperson.schema java.schema misc.schema msuser.schema namedobject.schema nis.schema openldap.schema pmi.schema
These are the schemas I’m using to test:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
And as a detail, I find that this part referring to uid (I might be mistaken) is commented out:
attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
but when I try to uncomment it, I get the error:
672b6c65.324d8768 0x7febb561d200 /etc/ldap/schema/core.schema: line 564 attributetype: Duplicate attributeType: "0.9.2342.19200300.100.1.1"
Just in case, here’s my configuration. Could it be that something is missing so that a user can log in against this slapd?
Since my applications search by uid (some are very legacy and I can't modify them), I'm unable to verify if everything is correctly set up to make a connection. The only indication that it’s working is that I can retrieve all users with ldapsearch and their attributes, but I can't filter by uid.
##########################################
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema

modulepath /usr/lib/ldap
moduleload back_meta.la
moduleload back_ldap.la

database meta

suffix "dc=proxy"
rootdn "cn=admin,dc=proxy"
rootpw 1234

## example.com
uri "ldaps://ldap.google.com/dc=proxy"
suffixmassage "dc=proxy" "dc=example,dc=com"
lastmod off
readonly on
rebind-as-user yes
chase-referrals yes
idassert-bind bindmethod=simple
  binddn="uid=ldap,ou=Users,dc=example,dc=com"
  credentials="secret-password"
  tls_reqcert=demand
  tls_reqsan=demand
  tls_cert=/root/ldapcerts/ldap.crt
  tls_key=/root/ldapcerts/ldap.key
  tls_cacert=/root/ldapcerts/ca/gtsr1.pem
idassert-authzFrom "*"
###############################
Thanks for all the help!
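
Following the suggestion in the reply to look at a sample record, this added example (not part of the thread) parses ldapsearch LDIF output and reports, per entry, whether a (uid=...) filter could match. The sample entries and the function names parse_ldif and explain_uid_filter are constructed for illustration.

```python
import base64

# Constructed ldapsearch output; DNs and values are invented for illustration.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=Users,dc=proxy
objectClass: posixAccount
cn: testuser
uid: TestUser

dn: cn=testuser2,ou=Users,dc=proxy
objectClass: inetOrgPerson
cn: testuser2
description:: bG9uZyB2YWx1ZQ==
mail: testuser2@
 example.com
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [values]}."""
    unfolded = text.replace("\n ", "")      # LDIF folding: newline + one space
    entries = []
    for block in unfolded.split("\n\n"):    # entries are separated by blank lines
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):   # skip ldapsearch comments
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def explain_uid_filter(entries, wanted):
    """Map each DN to why (uid=<wanted>) would or would not match it."""
    report = {}
    for entry in entries:
        if "dn" not in entry:               # "search:" / "result:" trailer
            continue
        uids = entry.get("uid", []) + entry.get("userid", [])
        if not uids:
            verdict = "no uid value returned"
        elif any(u.lower() == wanted.lower() for u in uids):  # approximates caseIgnoreMatch
            verdict = "match"
        else:
            verdict = "uid differs: " + ", ".join(uids)
        report[entry["dn"][0]] = verdict
    return report
```

A "no uid value returned" verdict covers both cases raised in the reply: the entry carries no uid attribute (for example, it is named by cn only), or the bound identity is not permitted to read it.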