Thanks Quanah,
But, in the meantime, the problems got worse!
I found this message/thread: http://www.openldap.org/lists/openldap-software/200612/msg00095.html which indicates that that user couldn't even do exact matches (with aRecord attribute values).
I then tested, and found he was right! I can't do exact matches either!
In my slapd.conf I have:
index associatedDomain pres,eq,sub
index aRecord pres,eq
And here is the result of my queries (exact match):
# ldapsearch2.4 -x -v -D "cn=Manager,dc=noa,dc=gr" -W -s sub -b "ou=dns1,dc=noa,dc=gr" arecord=195.251.202.63 dn
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: arecord=195.251.202.63
requesting: dn
# extended LDIF
#
# LDAPv3
# base <ou=dns1,dc=noa,dc=gr> with scope subtree
# filter: arecord=195.251.202.63
# requesting: dn
#

# search result
search: 2
result: 0 Success

# numResponses: 1
But, if I search with another attribute (also exact match):
# ldapsearch2.4 -x -v -D "cn=Manager,dc=noa,dc=gr" -W -s sub -b "ou=dns1,dc=noa,dc=gr" associateddomain=nmilas1.astro.noa.gr dn
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: associateddomain=nmilas1.astro.noa.gr
requesting: dn
# extended LDIF
#
# LDAPv3
# base <ou=dns1,dc=noa,dc=gr> with scope subtree
# filter: associateddomain=nmilas1.astro.noa.gr
# requesting: dn
#

# nmilas1.astro, noa.gr, dns1, noa.gr
dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
What may be wrong?
In that case, you (Quanah) tested with a "junk schema". Would it make sense to test with the real schemas?
Here is the whole entry (on which searches were conducted):
dn: dc=nmilas1.astro,dc=noa.gr,ou=dns1,dc=noa,dc=gr
objectClass: dNSDomain2
objectClass: domainRelatedObject
dc: nmilas1.astro
associatedDomain: nmilas1.astro.noa.gr
aRecord: 195.251.202.63
domainRelatedObject is in cosine.schema, associatedDomain is in core.schema, aRecord is in cosine.schema. Definitions:
attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
    DESC 'RFC1274: domain associated with object'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
Nick
On 11/1/2011 9:38 PM, Quanah Gibson-Mount wrote:
Yes. The proper thing to do would be to start an updated RFC to get the old definitions updated, or to create your own attribute that has improved matching rules. A lot of the old RFCs were created at a time when their current uses weren't imagined, or a need for doing things differently than what they were designed to do wasn't thought of.
--Quanah