Nicolas RENAULT wrote:
Hello,
I already post some question about this but without succes, perhaps because i made a mistake and replys in another question thread. So I restart here.
testing env so i can make all that i want.
openldap 2.4.40 build on opensuse 13.1. try to make a proxy ldap, with use of meta to relay informations from one AD , one EDir and one openLDAP. (just use openLDAP for now)
I create a database to get locally the root "dc=example,dc=fr" and firstlevel OU : "ou=TOUT,dc=example,dc=fr" , "ou=TEST,dc=example,dc=fr" I bind the openLDAP on "ou=LDAP,ou=TOUT,dc=example,dc=fr" I add users on the local ou "TEST"
simple requests are working without problem. (on "TEST" and on "TOUT" )
activate sssvlv on slapd.conf (because of meta)
back-meta supports dynamic config, this is not a reason to use slapd.conf.
globally (ie before the statement for the meta database)
overlay sssvlvjust this line.
when a try this search
ldapsearch -E 'sss=displayName' -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -b "ou=TEST,dc=example,dc=fr" -w xxxx -s sub "(&(objectClass=user)(displayName=ag*))" displayName
I got the user list sort by display name ( they are local user)
when i try this :
ldapsearch -E 'sss=displayName' -H ldap://localhost -x -D "cn=Manager,dc=example,dc=fr" -b "ou=LDAP,ou=TOUT,dc=example,dc=fr" -w xxxx -s sub "(&(objectClass=user)(displayName=ag*))" displayName
I got this :
# extended LDIF # # LDAPv3 # base <ou=LDAP,ou=TOUT,dc=example,dc=fr> with scope subtree # filter: (&(objectClass=user)(displayName=ag*)) # requesting: displayName # with server side sorting control #
# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success
# numResponses: 1
I understand that the request as been successfull but whitout any results ?
any idea ?
I'm thinking of a problem with :
- bad place for "overlay ssvlv" in slapd.conf (actually it take place juste
after moduleload section and just before the ACL statements
Then test with the overlay moved somewhere else.
- problem with remap attribute when asking the distant LDAP
Then test without remapping.
- overlay sssvlv not working with meta ?
Then test without sssvlv.
but need some clues to find where is the problem.
Regards
-- Nicolas