El jue, 11-08-2011 a las 16:58 +0200, masarati@aero.polimi.it escribió:
Hi all. Im having hard time triyng to figure out what is wrong with this ldap query:
Im triyng to filter a specific user inside a specific group. Like this /usr/bin/ldapsearch -x -D ".." -w.. -b "o=Work" "(&(uniquemember=uid=gherzig,ou=People,o=Work) (memberof=cn=MailUsers,ou=Groups,o=Work))"
It gets no results, but if i remove the memberof part, it works good. "(&(uniquemember=uid=gherzig,ou=People,o=Work))" as a filter gives me all the entries that users is in.
What is wrong? BTW specifiyng a different basesearch is not an option, i need that base as it is.
There may be many causes; typically:
the client's identity does not have search access on memberOf
memberOf is not defined in schema, and the filter is undefined
Check the server's logs for hints. If "stats" does not suffice, add "acl" and "trace".
p.
Thanks for your time. I have a preety default conf:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,uid,cn by self write by * read
access to attrs=shadowLastChange by self write by * read
access to * by * search
(Besides, im binding with the rootDN)
And after executing ldapsearch, this appears in the logs
Aug 12 14:55:44 inca slapd[28386]: conn=1005 fd=17 ACCEPT from IP=[::1]:55027 (IP=[::]:389) Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND dn="cn=Manager,..." method=128 Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 BIND dn="cn=Manager,o=Work" mech=SIMPLE ssf=0 Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=0 RESULT tag=97 err=0 text= Aug 12 14:55:44 inca slapd[28386]: conn=1005 op=1 SRCH base="o=Work" scope=2 deref=0 filter="(&(&(memberOf=cn=MailUsers,ou=groups,o=Work)(uniqueMember=uid=gherzig,ou=people,o=Work)))" Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (memberOf) not indexed Aug 12 14:55:44 inca slapd[28386]: <= bdb_equality_candidates: (uniqueMember) not indexed Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=2 UNBIND Aug 12 14:55:48 inca slapd[28386]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Aug 12 14:55:48 inca slapd[28386]: conn=1005 fd=17 closed
Any other hints?
Thanks again. Gerardo