Any chance that the entry for s_sarwar is the 501st entry in your directory?
In slapd.conf the sizelimit is usually set to 500, which means that slapd will only return the first 500 entries it finds. This limit doesn't apply to the administrator account. In your slapd.conf file change your sizelimit to "unlimited":
sizelimit unlimited
and see if that fixes your problem.
Martin Jungowski wrote:
I'm facing a weird problem with ldapsearch on our company's CentOS OpenLDAP Server (CentOS 5.5, OpenLDAP 2.3.43-12.el5). Our DIT is as follows:
o=company_name,c=country,ou=branch,ou=pool
Within that pool are all users of that particular branch office. With some of those ldapsearch does not return a result when the search base is o=company_name but does return one starting with c=country,o=company_name:
martin/linux2$ ldapsearch -x -h icld -b c=de,o=company_name uid | grep dn | grep s_sarwar
dn: uid=s_sarwar,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$ ldapsearch -x -h icld -b o=company_name uid | grep dn | grep s_sarwar
martin/linux2$
With other users within that same branch it works as expected:
martin/linux2$ ldapsearch -x -h icld -b c=de,o=company_name uid | grep dn | grep t_ceylan
dn: uid=t_ceylan,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$ ldapsearch -x -h icld -b o=company_name uid | grep dn | grep t_ceylan
dn: uid=t_ceylan,ou=pool,ou=branch,c=de,o=company_name
martin/linux2$
It does work for s_sarwar when I use the admin account to bind in ldapsearch, but my understanding is that it should work without it as well. We have no roles, no ACLs, no encryption, no nothing in that server. Simple authentication, nothing complicated.
Any ideas?
Martin
Prentice
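
The `| grep dn | grep ...` pipelines in this thread discard the trailer that ldapsearch prints after the entries, so a result cut off by sizelimit looks the same as an entry that does not exist. An added example, not from either poster, that reads the trailer before trusting a miss; the function names are hypothetical and the sample output is constructed and abbreviated to one entry.

```shell
#!/bin/sh
# check_uid UID: reads ldapsearch LDIF output on stdin and prints one word:
#   found      an entry whose DN starts with uid=UID, was returned      (exit 0)
#   absent     search completed (result 0) and no such entry was seen   (exit 1)
#   truncated  server stopped early: 3 time limit, 4 size limit,
#              11 admin limit; a miss proves nothing                    (exit 2)
#   error      any other result code, or no trailer at all              (exit 3)
# Limitation: base64-encoded DNs ("dn:: ...") are not decoded.
check_uid() {
    awk -v uid="$1" '
        /^dn: / {
            # Compare the leading RDN case-insensitively
            if (index(tolower(substr($0, 5)), ("uid=" tolower(uid) ",")) == 1) found = 1
        }
        # Trailer line written by ldapsearch: "result: <code> <text>"
        /^result: / { code = $2; seen = 1 }
        END {
            if (found)                                { print "found";     exit 0 }
            if (!seen)                                { print "error";     exit 3 }
            if (code == 0)                            { print "absent";    exit 1 }
            if (code == 3 || code == 4 || code == 11) { print "truncated"; exit 2 }
            print "error"; exit 3
        }'
}

# Constructed sample of ldapsearch output; $1 is the text after "result: ".
sample_output() {
    cat <<EOF
dn: uid=t_ceylan,ou=pool,ou=branch,c=de,o=company_name
uid: t_ceylan

# search result
search: 2
result: $1

# numResponses: 2
# numEntries: 1
EOF
}

# Same miss, two different meanings depending on the trailer:
sample_output "4 Size limit exceeded" | check_uid s_sarwar || true   # truncated
sample_output "0 Success"             | check_uid s_sarwar || true   # absent
```

Against a live server the function takes the place of the two greps, for example `ldapsearch -x -h icld -b o=company_name uid | check_uid s_sarwar`.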