Hi,
I have a problem in OpenLDAP 2.4.11 with the BDB backend. I search for an LDIF entry using the ldapsearch command. It gives me the correct result and fetches the entry, as shown below.

ldapsearch -x -D cn=Manager,dc=my-domain,dc=COM -w secret -b ou=TEST,ou=people,dc=my-domain,dc=COM -s sub '(&(objectClass=organizationalUnit)(ou=test*))' -H ldap://localhost:1399
# extended LDIF
#
# LDAPv3
# base <ou=TEST,ou=people,dc=my-domain,dc=COM> with scope subtree
# filter: (objectclass=organizationalUnit)
# requesting: ALL
#

# TEST, people, my-domain.COM
dn: ou=TEST,ou=people,dc=my-domain,dc=COM
ou: TEST
companyName: test
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
But when I send the same search request from ldapbrowser, it gives me error code 32 - No Such object. Below is a short dump of the slapd debugging logs:
############################################################################################
SRCH "ou=people,dc=my-domain,dc=COM" 1 0 20000 3600 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x8f59820 ptr=0x8f59856 end=0x8f59903 len=173
end get_filter 0
begin get_filter
SUBSTRINGS
begin get_ssa
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8f59820 ptr=0x8f59879 end=0x8f59903 len=138
ber_scanf fmt (m) ber:
ber_dump: buf=0x8f59820 ptr=0x8f59881 end=0x8f59903 len=130
INITIAL
end get_ssa
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(objectClass=organizationalUnit)(ou=test*))
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x8f59820 ptr=0x8f59887 end=0x8f59903 len=124
attrs: ou companyName codeDISE freeLabeladdInfo1 freeLabeladdInfo2 freeLabeladdInfo3 freeLabeladdInfo4 freeLabeladdInfo5
conn=1 op=1 SRCH base="ou=people,dc=my-domain,dc=COM" scope=1 deref=0 filter="(&(objectClass=organizationalUnit)(ou=test*))"
conn=1 op=1 SRCH attr=ou companyName codeDISE freeLabeladdInfo1 freeLabeladdInfo2 freeLabeladdInfo3 freeLabeladdInfo4 freeLabeladdInfo5
=> bdb_search
bdb_dn2entry("ou=people,dc=my-domain,dc=com")
=> access_allowed: disclose access to "dc=my-domain,dc=COM" "entry" requested
<= root access granted
=> access_allowed: disclose access granted by manage(=mwrscxd)
send_ldap_result: conn=1 op=1 p=3
send_ldap_result: err=10 matched="dc=my-domain,dc=COM" text=""
send_ldap_response: msgid=4803 tag=101 err=32
ber_flush2: 31 bytes to sd 13
ldap_write: want=31, written=31
conn=1 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
daemon: activity on 1 descriptor
daemon: activity on: 13r
daemon: read active on 13
############################################################################################
Can you please tell me what is the problem in these two?
Thanks
Shashi Ranjan

"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
On Wed, 13 Jul 2016 12:02:28 +0000, Shashi Ranjan Shashi.Ranjan@aricent.com wrote:
[...]
=> access_allowed: disclose access to "dc=my-domain,dc=COM" "entry" requested
<= root access granted
=> access_allowed: disclose access granted by manage(=mwrscxd)
send_ldap_result: conn=1 op=1 p=3
send_ldap_result: err=10 matched="dc=my-domain,dc=COM" text=""
send_ldap_response: msgid=4803 tag=101 err=32
[...]
the left RDN of your search string seems to be wrong.
-Dieter
Can you please tell which is the left RDN part specifically? How can it be corrected?

Thanks
Gurjot
-----Original Message-----
From: Dieter Klünter [mailto:dieter@dkluenter.de]
Sent: Wednesday, July 13, 2016 8:54 PM
To: openldap-technical@openldap.org
Subject: Re: OpenLDAP ldapsearch issue
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
Hi,
This ldapsearch issue has been solved. Actually, the problem is that my hierarchy is as given below, going downwards:
-> dc=COM
-> dc=my-domain
-> ou=people
-> ou=TEST

In my DB, "ou=people,dc=my-domain,dc=COM" was missing from the DB and "ou=TEST,ou=people,dc=my-domain,dc=COM" was added through slapadd only. So when the ldapsearch command below is executed manually, it searches directly for "ou=TEST,ou=people,dc=my-domain,dc=COM" and gives the correct result.

###################################################################################
ldapsearch -x -D cn=Manager,dc=my-domain,dc=COM -w secret -b ou=TEST,ou=people,dc=my-domain,dc=COM -s sub '(&(objectClass=organizationalUnit)(ou=test*))' -H ldap://localhost:1399
# extended LDIF
#
# LDAPv3
# base <ou=TEST,ou=people,dc=my-domain,dc=COM> with scope subtree
# filter: (objectclass=organizationalUnit)
# requesting: ALL
#

# TEST, people, my-domain.COM
dn: ou=TEST,ou=people,dc=my-domain,dc=COM
ou: TEST
companyName: test
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
###################################################################################

But when it was searched through LDAPbrowser, the following command got executed and it failed because "ou=people,dc=my-domain,dc=COM" was missing from the DB.

###################################################################################
ldapsearch -x -D cn=Manager,dc=my-domain,dc=COM -w secret -b ou=people,dc=my-domain,dc=COM -s sub '(&(objectClass=organizationalUnit)(ou=test*))' -H ldap://localhost:1399
# extended LDIF
#
# LDAPv3
# base <dc=ALCATEL,dc=FC> with scope subtree
# filter: cn=*
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
###################################################################################
Thanks for your response.
Regards, Gurjot Kaur
-----Original Message-----
From: Gurjot Kaur
Sent: Thursday, July 14, 2016 5:34 PM
To: Dieter Klünter dieter@dkluenter.de; openldap-technical@openldap.org
Subject: RE: OpenLDAP ldapsearch issue
openldap-technical@openldap.org
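
The resolution in this thread traces err=32 to an entry that was loaded with slapadd under a parent entry that was never added. As an added example (not code from the thread or from the OpenLDAP project), the Python below scans an LDIF for such orphaned entries before loading and computes the nearest existing ancestor, which is what the slapd log reports as matched="dc=my-domain,dc=COM". The function names and the sample LDIF are constructed for illustration, and DN comparison is simplified to case-insensitive string matching.

```python
# Constructed sample (DNs taken from the thread); ou=people is absent.
SAMPLE_LDIF = """\
dn: dc=my-domain,dc=COM
objectClass: domain

dn: ou=TEST,ou=people,dc=my-domain,dc=COM
objectClass: organizationalUnit
"""

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
        esc = ch == "\\" and not esc
    return rdns + [cur.strip()]

def norm(dn):
    """Simplified DN matching: case-insensitive, spaces around RDNs ignored."""
    return ",".join(split_dn(dn)).lower()

def ldif_dns(text):
    """Entry DNs from LDIF text; unfolds continuation lines, skips base64 'dn::'."""
    lines = text.replace("\n ", "").splitlines()
    return [l[3:].strip() for l in lines
            if l.lower().startswith("dn:") and not l.lower().startswith("dn::")]

def find_orphans(ldif_text, suffix):
    """Return (dn, missing_parent) for entries whose parent is not in the LDIF."""
    dns = ldif_dns(ldif_text)
    present = {norm(d) for d in dns}
    orphans = []
    for dn in dns:
        parent = ",".join(split_dn(dn)[1:])
        if norm(dn) != norm(suffix) and norm(parent) not in present:
            orphans.append((dn, parent))
    return orphans

def matched_dn(base, ldif_text):
    """Nearest existing ancestor of a missing search base (matchedDN on err=32)."""
    present = {norm(d): d for d in ldif_dns(ldif_text)}
    rdns = split_dn(base)
    hits = (present.get(norm(",".join(rdns[i:]))) for i in range(1, len(rdns)))
    return next((h for h in hits if h), None)
```

Running find_orphans on an export before slapadd flags the ou=TEST entry from this thread; adding the ou=people entry to the LDIF clears the report.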