Hi,
Could someone help me with this one? I have a user1 with inetUserStatus: active and user2 inetUserStatus: inactive. If I search for a user with a inetUserStatus=(in)active I don't get any results:
# ldapsearch -x -H ldap://127.0.0.1:389 -D 'cn=admin,dc=gal,dc=example,dc=com' -w secret -LLL -b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=active)'
# ldapsearch -x -H ldap://127.0.0.1:389 -D 'cn=admin,dc=gal,dc=example,dc=com' -w secret -LLL -b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=inactive)'
What is wrong with my search or slapd config?
If I search for a * as attribute value I get both users.
# ldapsearch -x -H ldap://127.0.0.1:389 -D 'cn=admin,dc=gal,dc=example,dc=com' -w secret -LLL -b ou=people,dc=gal,dc=example,dc=com '(inetUserStatus=*)'
dn: uid=user2,ou=people,dc=gal,dc=example,dc=com
shadowWarning: 0
gidNumber: 100
shadowMax: 0
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW432UzRxYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
uid: user2
shadowLastChange: 0
cn: user2
homeDirectory: /home/user2
uidNumber: 1006
gecos: user2
inetUserStatus: inactive
dn: uid=user1,ou=people,dc=gal,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetUser
cn: user1
uid: user1
uidNumber: 1005
gidNumber: 100
homeDirectory: /home/user1
loginShell: /bin/bash
userPassword:: e1NTSEF9TVk0WW1HU231xYjRBNWN1TFlTaXZCVFBHRFN3MzdoYWs=
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
inetUserStatus: active
gecos: user1
# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}ldapab,cn=schema,cn=config
dn: cn={5}openxchange,cn=schema,cn=config
dn: cn={6}evolutionperson,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
s# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -o ldif-wrap=no -b cn={7}inetUser,cn=schema,cn=config
dn: cn={7}inetUser,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {7}inetUser
olcAttributeTypes: {0}( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Delegated Administrator' )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"active", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A users Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape subscriber interoperability' )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary class which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHTTPURL $ userPassword $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' )
Thanks
--On Tuesday, May 5, 2020 12:10 AM +0200 xaled@web.de wrote:
Hi,
Could someone help me with this one? I have a user1 with inetUserStatus: active and user2 inetUserStatus: inactive. If I search for a user with a inetUserStatus=(in)active I don't get any results:
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"active", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )
Your schema definition for the attribute clearly lacks any matching rules. Add the appropriate matching rules to the attribute definition.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Hello Quanah,
thank you, yes schema missed equality as Ulrich pointed out.
Greetings, Xaled
-----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: Montag, 4. Mai 2020 23:30 To: xaled@web.de; openldap-technical@openldap.org Subject: Re: Can not find object by attribute value
--On Tuesday, May 5, 2020 12:10 AM +0200 xaled@web.de wrote:
Hi,
Could someone help me with this one? I have a user1 with inetUserStatus: active and user2 inetUserStatus: inactive. If I search for a user with a inetUserStatus=(in)active I don't get any results:
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '"active", "inactive", or "deleted" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )
Your schema definition for the attribute clearly lacks any matching rules. Add the appropriate matching rules to the attribute definition.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org