--On Sunday, February 05, 2012 9:45 PM -0500 "Matthew M. DeLoera" mdeloera@exacq.com wrote:
Hello,
Apologies if this isn't the appropriate list. Searched archives but didn't manage to find anything that seemed related…
This query does not return any results:
(|(&(objectClass=groupOfNames)(cn=Domain Users))(&(objectClass=inetorgperson)(cn=Domain Users))(&(objectClass=organization)(o=Domain Users)))
My guess is that if a subsequent clause specifies an attribute that's not defined for an objectClass, the query fails even if the first clause is known to be good? If that's how things work, I can deal with that. But I just can't find any documentation that clarifies this (or I'm totally missing something super obvious!).
Definitely not the case, because this search works correctly for me:
ldapsearch -x -H ldap://zre-ldap001.eng.vmware.com -D "cn=config" -w zimbra "(&(objectClass=organizationalPerson)(zimbraMailStatus=enabled))" uid
obviously "zimbraMailStatus" is not a part of the organizationalPerson schema.
My guess would be in your case that ACLs are the issue, perhaps missing READ or SEARCH on the "o" attr, but having READ or SEARCH on the "cn" attr.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration