Re: extended / extensible search / in 2.3.38 ends with error code 34 invalid DN syntax [Virus checked]

Fri, 21 Sep 2007 07:06:14 -0700 

[EMAIL PROTECTED] writes:

> Hello,
>
> we use OpenLdap 2.3.38 on Solaris 10 (note we run openldap on high-Port, so 
> ldap can run as a "normal" user, without
> root-rights)
>
> While the uid is not case-sensitiv, i want to search with an extensible 
> search (e.g. in RFC 2254 desribed), in the
> hope that Apache this also can in the AuthLdapUrl Directive. But first, i try 
> from console with ldapsearch
>
> But this ends with an Error-Code 34 invalid DN syntax
>
> Whats wrong ? Do extended search work correct in openldap, or whats the Error 
> ?
>
> First,when i try a "normal" search like this, it works fine .. an extended not
>
> 1. ldapsearch -H ldap://10.11.12.15:2389 -x -b 
> uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
> 2. ldapsearch -H ldap://10.11.12.15:3389 -x -b 
> uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc
> =de
>
> Response from 1.
>
> # extended LDIF
> #
> # LDAPv3
> # base <uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> with 
> scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # u4711, SI, Benutzer, sparkassen-informatik.de
F> dn: uid=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
> cn: u4711
> destinationIndicator: 100100,4600,,
> st: 6
> objectClass: person
> objectClass: uidObject
> objectClass: organizationalPerson
> l: alle
> sn: User von K.H. Ostertag
>
> # search result
> search: 2
> result: 0 Success
> # numResponses: 2
> # numEntries: 1
>
> But now, when i use extensible Search like this, i got an error 34 invalid DN 
> syntax.
> .....uid:caseExactMatch:u4711....
>
> ldapsearch -H ldap://10.1.23.15:3389 -x -b 
> uid:caseExactMatch:u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de
>
> # extended LDIF
> #
> # LDAPv3
> # base 
> <uid:caseExactMatch:=u4711,ou=SI,ou=Benutzer,dc=sparkassen-informatik,dc=de> 
> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN

Your search base is wrong. Extensible search defines a search filter,
not a search base.
ldapsearch -x -b "ou=SI,ou=Benutzer,..." -s one "uid:caseExactmatch:=u4711"

will do the trick.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

Reply via email to