Hi all,
I am using SAMBA with OpenLDAP. And I wanted to find the computer trust accounts within the LDAP tree. These are identified by having the S type set in the sambaAcctFlags field. In LDIF format this looks like this:
sambaAcctFlags: [S ]
The initial search was:
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=*S*))' dn
This revealed nothing. Which I knew for sure is incorrect. To test I used:
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=[S ]))' dn
which returned the DNs of the trust accounts. Searching for:
ldapsearch -x -LLL '(&(objectClass=device)(sambaSID=*1-5-21*))' dn
also returned all DNs, so it is not a generic search filter problem. It seems to be related to [] and spaces. On the sambaAcctFlags search it doesn't matter if I replace [ and/or ] for * or the spaces for *, nothing is returned. The only working search is searching for the entire string.
Am I doing something wrong? Or is this a bug in the search filter system?
With kind regards,
Dennis Leeuw
Hi Dennis,
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=*S*))' dn
Take a look at samba.schema file [1]. No SUBSTR matching rule is defined for sambaAcctFlags. Therefore this will not work. But I think it can be easily added.
Jan
[1] http://gitweb.samba.org/?p=samba.git;a=blob;f=examples/LDAP/samba.schema
Dennis Leeuw wrote:
ldapsearch -x -LLL '(&(objectClass=device)(sambaAcctFlags=*S*))' dn
This revealed nothing. Which I knew for sure is incorrect.
AFAICS there's no SUBSTR matching rule defined for attribute type sambaAcctFlags. You could add
SUBSTR caseIgnoreIA5SubstringsMatch
to the attribute type description in the samba3.schema file if you really need it. Bear in mind this is a local patch to a file shipped with upstream code.
Ciao, Michael.
openldap-technical@openldap.org
-
Dennis Leeuw -
Jan Vcelak -
Michael Ströder