While trying to debug my problems with authentication I discovered the problem was with searching the LDAP entries.
If I search my database by the CN field I get this output:

ldapsearch -D "cn=manager,dc=example,dc=com" -x -W "cn=myuser"

# myuser, Users, example.com
dn: uid=myuser,o=Users,dc=example,dc=com
uid: myuser
cn: myUser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 13789
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10002
gidNumber: 10001
homeDirectory: /home/ldap/john
gecos: myUser (LDAP)
userPassword:: <stuff>
It seems pretty normal to me and working. However, if I try to search with "uid=myuser" nothing is returned.
What is more, if I instead search with "uid=myuser*" the entry is returned successfully, which tells me that somewhere on the LDAP structure I probably have a problem with strange characters. Is there a way to efficiently correct this or do I have to import everything again?
Of course, I could be wrong in my assumption... anything else that could be causing this behaviour besides strange "invisible" characters on UID field?
Thank you, Nuno
On Wednesday 16 April 2008 13:47:01 Nuno Manuel Martins wrote:
> It seems pretty normal to me and working. However, if I try to search with "uid=myuser" nothing is returned.
> What is more, if I instead search with "uid=myuser*" the entry is returned successfully, which tells me that somewhere on the LDAP structure I probably have a problem with strange characters. Is there a way to efficiently correct this or do I have to import everything again?
You have told slapd that you have an equality index on the uid attribute, but you did not create the index on the attribute for the existing entries.
Stop slapd, run slapindex, start slapd, and then things should work.
I note that the documentation on the index configuration token explains that slapindex should be run ...
Regards, Buchan
openldap-technical@openldap.org
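
The fix from the reply as an added example (not part of the original thread and not OpenLDAP's own tooling): a shell helper that reads the index directives from a slapd.conf-style file, confirms an equality index is declared for the attribute, and runs slapindex only when slapd is stopped and the caller is the account slapd runs as. The function names, the SLAPD_USER variable and its default of "ldap" are assumptions; a bare "index <attr>" line is resolved only against an earlier "index default" line.

```shell
#!/bin/sh
# Added example. SLAPD_USER and the function names are assumptions, not OpenLDAP's.
SLAPD_USER=${SLAPD_USER:-ldap}   # account slapd runs as; distro-dependent

# eq_indexed_attrs CONF: print each attribute that CONF declares an "eq" index for.
# Directive syntax: index <attr>[,<attr>...] [pres,eq,approx,sub,none]
eq_indexed_attrs() {
    awk '
        tolower($1) != "index" { next }
        $2 == "default"        { dflt = $3; next }
        {
            types = (NF >= 3) ? $3 : dflt   # bare "index uid" uses the default set
            if (("," types ",") ~ /,eq,/) {
                n = split($2, attrs, ",")
                for (i = 1; i <= n; i++) print attrs[i]
            }
        }
    ' "$1" | sort -u
}

# has_eq_index ATTR CONF: succeed if ATTR (case-insensitive) has an eq index declared.
has_eq_index() {
    eq_indexed_attrs "$2" | grep -qixF -- "$1"
}

# rebuild_eq_index ATTR CONF: regenerate ATTR's index for the existing entries.
# Returns 2 if no eq index is declared, 3 if slapd is running, 4 if wrong user.
rebuild_eq_index() {
    has_eq_index "$1" "$2" || { echo "no eq index declared for $1" >&2; return 2; }
    if pgrep -x slapd >/dev/null 2>&1; then
        echo "slapd is running: stop it before slapindex" >&2; return 3
    fi
    # Index files written by another account (e.g. root) may be unreadable to slapd.
    [ "$(id -un)" = "$SLAPD_USER" ] || { echo "run as $SLAPD_USER" >&2; return 4; }
    slapindex -f "$2" "$1"
}

# Usage: sh reindex.sh uid /path/to/slapd.conf   (then start slapd again)
if [ "$#" -eq 2 ]; then
    rebuild_eq_index "$1" "$2"
fi
```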