On 05/19/2015 01:53 PM, Boyce, George Robert. (GSFC-762.0)[NICS] wrote:


I don’t understand what is happening…

If I use a compound OR filter to search for “cn” or “uid”, I only get back the match for uid. I expect to get both. If I add a search for a nonexistent attribute like “name”, I get nothing back. I expect to get back the entry matched by the other term.

# l "(cn=gboyce)" dn

dn: cn=gboyce,cn=groups,cn=accounts,dc=…

# l "(uid=gboyce)" dn

dn: uid=gboyce,cn=users,cn=accounts,dc=…

# l "(|(uid=gboyce)(cn=gboyce))" dn

dn: uid=gboyce,cn=users,cn=accounts,dc=…

# l "(|(cn=gboyce)(uid=gboyce))" dn

dn: uid=gboyce,cn=users,cn=accounts,dc=…

# l "(|(uid=gboyce)(name=gboyce))" dn

#


Does this give an error message or does ldapsearch exit with a non-zero value? Can you check the dirsrv access log to see what is the result of this operation?

This is on a new deployment of ipa on centos, with just a couple of test records. I don’t have much recent experience with LDAP, but I don’t see what I’m doing wrong. Dirsrv on centos 6.5 works as expected.

# ipa --version

VERSION: 4.1.0, API_VERSION: 2.112

# cat /etc/centos-release

CentOS Linux release 7.1.1503 (Core)

George Boyce, SAIC/NICS

GCC Systems Support

NASA GSFC Code 762




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to