I wrote a script to add groups to my LDAP directory.

---------------------------------
#!/bin/sh

# Get the latest gid
gidlast="`ldapsearch -x "cn=*"  -b "ou=Group,dc=mydomain,dc=com" -h myserver |
grep gidNumber | awk '{ print $2 }' | sort -u | tail -n 1`"
newgid="`echo "$gidlast + 1" | bc`"

echo "newgid: $newgid"

# Make the Mods
echo "dn: cn=$1,ou=Group,dc=mydomain,dc=com" > /tmp/modify.ldap
echo "changetype: add"  >>   /tmp/modify.ldap
echo "objectClass: posixGroup"  >>   /tmp/modify.ldap
echo "objectClass: top"  >>   /tmp/modify.ldap
echo "cn: $1" >>   /tmp/modify.ldap
echo "gidNumber: $newgid" >>   /tmp/modify.ldap

# Run the Update
ldapmodify -x -f /tmp/modify.ldap -h myserver -D cn=Manager,dc=mydomain,dc=com -w mypasswd

----------------------------------

This correctly creates a new group, e.g.

./mkgroup.sh mygroup01

$ ldapsearch -x "cn=mygroup01" -h myserver

produces ->

# mygroup01, Group, mydomain.com
dn: cn=mygroup01,ou=Group,dc=mydomain,dc=com
objectClass: posixGroup
objectClass: top
cn: mygroup01
gidNumber: 7435
memberUid: dummyuser

The issue is the following:

$ ldapsearch -x "cn=mygroup*"  -b "ou=Group,dc=mydomain,dc=com" -h myserver |
grep gidNumber | awk '{ print $2 }' | sort -u | tail -n 1

returns the result
7435

$ ldapsearch -x "cn=*"  -b "ou=Group,dc=mydomain,dc=com" -h myserver |
grep gidNumber | awk '{ print $2 }' | sort -u | tail -n 1

returns the result
7434

In other words, the wildcard is not picking up the new group even though it is
actually there. Perhaps someone can show me the error of my ways, but I think
both results should return the same value.

I am running CentOS 5 with:
openldap-clients-2.3.27-8.el5_2.4
openldap-servers-2.3.27-8.el5_2.4
openldap-2.3.27-8.el5_2.4
openldap-devel-2.3.27-8.el5_2.4
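
Added example, not part of the original post: the pipeline above sorts gidNumber values as text and has no way to tell whether the server returned every entry, and the script writes to a fixed /tmp path and passes the bind password with -w. The helper names `next_gid` and `write_group_ldif` are hypothetical, the sample output is constructed, and the parser assumes ldapsearch's default output format (no -L flags), which ends with a `result:` line.

```shell
#!/bin/sh
# Added example; next_gid and write_group_ldif are hypothetical helper names.

# Read default-format ldapsearch output (no -L flags) on stdin, print highest
# gidNumber + 1. Compares numerically and fails unless the trailing "result:"
# line reports code 0, so a truncated or empty listing is never trusted.
next_gid() {
    awk '
        $1 == "result:"    { rc = $2 }
        $1 == "gidNumber:" { if ($2 + 0 > max) max = $2 + 0 }
        END {
            if (rc == "" || rc + 0 != 0 || max == 0) {
                print "incomplete or empty search, result code: " rc > "/dev/stderr"
                exit 1
            }
            print max + 1
        }'
}

# Validate NAME and GID, write the add record to a private mktemp file
# (not a fixed /tmp path), and print that file's path.
write_group_ldif() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) echo "bad group name" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9]*) echo "bad gid" >&2; return 1 ;; esac
    ldif=$(umask 077; mktemp "${TMPDIR:-/tmp}/mkgroup.XXXXXX") || return 1
    cat > "$ldif" <<EOF
dn: cn=$1,ou=Group,dc=mydomain,dc=com
changetype: add
objectClass: posixGroup
objectClass: top
cn: $1
gidNumber: $2
EOF
    echo "$ldif"
}

# Constructed sample (not real server output): a search cut off by a size limit.
sample_truncated='dn: cn=a,ou=Group,dc=mydomain,dc=com
gidNumber: 999

dn: cn=b,ou=Group,dc=mydomain,dc=com
gidNumber: 7434

# search result
search: 2
result: 4 Size limit exceeded'
printf '%s\n' "$sample_truncated" | next_gid || echo "refused to pick a gid" >&2
# Apply with a prompted password instead of -w on the command line:
# ldapmodify -x -h myserver -D cn=Manager,dc=mydomain,dc=com -W -f "$ldif"
```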