Hi,
I'm trying to sync an Active Directory with an OpenLDAP and, to update the entries, I use the objectsid binary attribute of the Active Directory as the link attribute between the two directories.
I'm having an issue with the binary data inserted in an octetstring attribute. There is no problem inserting the data in the attribute, but when I request the attribute no entries are returned. However, when I do the same request in Active Directory it returns the right answer.
Here is my attribute specification in OpenLDAP:
attributetype ( 1.3.6.1.4.1.31631.1.1.2.1.1 NAME 'binarysid' DESC 'binary object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
and here is the data inserted in this attribute:
binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
If I request my OpenLDAP with this filter:
filter="(&(objectClass=inetOrgPerson)(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
no answer is returned, but when I request the Active Directory with this filter:
filter="(&(objectClass=user)(objectsid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
it returns the right answer...
Do I have a problem with my attribute in OpenLDAP?
If someone could help me, I would really appreciate it.
Thanks
Armando Martins wrote:
> Hi,
> I'm trying to sync an Active Directory with an OpenLDAP and, to update the entries, I use the objectsid binary attribute of the Active Directory as the link attribute between the two directories.
> I'm having an issue with the binary data inserted in an octetstring attribute. There is no problem inserting the data in the attribute, but when I request the attribute no entries are returned. However, when I do the same request in Active Directory it returns the right answer.
> Here is my attribute specification in OpenLDAP:
> attributetype ( 1.3.6.1.4.1.31631.1.1.2.1.1 NAME 'binarysid' DESC 'binary object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
> and here is the data inserted in this attribute:
> binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
> If I request my OpenLDAP with this filter:
> filter="(&(objectClass=inetOrgPerson)(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
> no answer is returned, but when I request the Active Directory with this filter:
> filter="(&(objectClass=user)(objectsid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
> it returns the right answer...
> Do I have a problem with my attribute in OpenLDAP?
> If someone could help me, I would really appreciate it.
You did not add an EQUALITY matching rule to your attribute type description.
Ciao, Michael.
Hi Michael,
Yes, I've also thought of that, and I've tried to put the octetStringMatch equality matching rule in my attribute definition. But unfortunately, the result is the same...
Thanks
2015-09-02 21:54 GMT+02:00 Michael Ströder <michael@stroeder.com>:
> Armando Martins wrote:
>> Hi,
>> I'm trying to sync an Active Directory with an OpenLDAP and, to update the entries, I use the objectsid binary attribute of the Active Directory as the link attribute between the two directories.
>> I'm having an issue with the binary data inserted in an octetstring attribute. There is no problem inserting the data in the attribute, but when I request the attribute no entries are returned. However, when I do the same request in Active Directory it returns the right answer.
>> Here is my attribute specification in OpenLDAP:
>> attributetype ( 1.3.6.1.4.1.31631.1.1.2.1.1 NAME 'binarysid' DESC 'binary object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
>> and here is the data inserted in this attribute:
>> binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
>> If I request my OpenLDAP with this filter:
>> filter="(&(objectClass=inetOrgPerson)(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
>> no answer is returned, but when I request the Active Directory with this filter:
>> filter="(&(objectClass=user)(objectsid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
>> it returns the right answer...
>> Do I have a problem with my attribute in OpenLDAP?
>> If someone could help me, I would really appreciate it.
> You did not add an EQUALITY matching rule to your attribute type description.
> Ciao, Michael.
openldap-technical@openldap.org
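
Added example (not part of the thread and not code from any poster): a Python check that decodes the binarysid value stored in OpenLDAP and the assertion value from the search filter, both copied from the messages above, and compares them octet by octet. The function names are hypothetical; the length rule of 8 header octets plus 4 per sub-authority is the standard binary SID layout.

```python
import base64

# Both values are copied verbatim from the messages in this thread.
STORED_B64 = "AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA="
FILTER_VALUE = r"\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00"

REPLACEMENT = "\ufffd".encode("utf-8")  # EF BF BD, U+FFFD REPLACEMENT CHARACTER


def unescape_filter_value(value: str) -> bytes:
    """Decode an RFC 4515 assertion value: \\XX is one octet, the rest is literal."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\":
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            out += value[i].encode("utf-8")
            i += 1
    return bytes(out)


def sid_length_ok(raw: bytes) -> bool:
    """A binary SID is 8 header octets plus 4 per sub-authority (count in octet 1)."""
    return len(raw) >= 8 and len(raw) == 8 + 4 * raw[1]


def compare(stored_b64: str, filter_value: str) -> dict:
    stored = base64.b64decode(stored_b64)
    asserted = unescape_filter_value(filter_value)
    return {
        "stored_len": len(stored),
        "asserted_len": len(asserted),
        "equal": stored == asserted,
        "stored_is_sid": sid_length_ok(stored),
        "asserted_is_sid": sid_length_ok(asserted),
        "replacement_chars": stored.count(REPLACEMENT),
        # True when the stored octets are what a lossy UTF-8 text decode of
        # the asserted octets would produce.
        "lossy_roundtrip": asserted.decode("utf-8", "replace").encode("utf-8") == stored,
    }


if __name__ == "__main__":
    for key, val in compare(STORED_B64, FILTER_VALUE).items():
        print(f"{key}: {val}")
```

On the thread's values the two octet strings differ (38 stored octets against 28 asserted), and the stored value contains five EF BF BD sequences, the UTF-8 encoding of U+FFFD. A value in that state cannot satisfy an octet-wise equality match against the original SID, so the copy step has to handle objectsid as bytes rather than as text.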