thanks, i will create referrals. I thought within the same server but two different kind of suffixes I could use aliases.
Andreas Dieter Kluenter schrieb: > Andreas Schoe <[email protected]> writes: > > >> Hello, >> >> I post the operation with debug level "-1". I can read out an error with >> the indexed DB dn2id, the suffix is called "cn=intern,dc=de" and in the >> logs there is an entry "c=intern,dc=de". For testing the server is >> contacted by the manager account. >> > > A search with rootdn disables all access rules, and slapd -d acl would > have shown acl parsing. But anyhow... > > >> base="cn=alias,ou=Groups,dc=extern,dc=de" scope=2 deref=3 filter="(cn=*)" >> [ID 325447 local4.debug] => bdb_search >> [ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=extern,dc=de") >> [ID 449132 local4.debug] bdb_dn2entry("cn=alias,ou=groups,dc=intern,dc=de") >> [ID 603319 local4.debug] => bdb_dn2id("c=intern,dc=de") >> [ID 433641 local4.debug] <= bdb_dn2id: get failed: DB_NOTFOUND: No >> matching key/data pair found (-30988) >> [ID 923158 local4.debug] => access_allowed: disclose access to >> "cn=alias,ou=Groups,dc=extern,dc=de" "entry" requested >> [ID 592946 local4.debug] <= root access granted >> [ID 384072 local4.debug] => access_allowed: disclose access granted by >> manage(=mwrscxd) >> [ID 131099 local4.debug] send_ldap_result: conn=1389 op=1 p=3 >> [ID 291653 local4.debug] send_ldap_result: err=33 >> matched="cn=alias,ou=Groups,dc=extern,dc=de" text="aliasedObject not found" >> [ID 324658 local4.debug] send_ldap_response: msgid=2 tag=101 err=33 >> [ID 832699 local4.debug] conn=1389 op=1 SEARCH RESULT tag=101 err=33 >> nentries=0 text=aliasedObject not found >> > > The result is quite clear, the object ou=groups,dc=intern,dc=de does > not exist within the servers naming context. > [...] > >> This will pick up the group account: >> ldapsearch -x -h ldap.intern.de -b "cn=alias,ou=Groups,dc=intern,dc=de" >> '(cn=*)' >> > > It seems that you either connect to a different host or to a different > search base. In both cases you cannot dereference an alias, you should > probably create referrals. > > -Dieter > > -- Andreas Schoe Abteilung: Daten- und Rechenzentrum (DRZ) Tel.: +49 (0)331/288-1719 Fax: +49 (0)331/288-1703 Email: [email protected] ___________________________________ Helmholtz-Zentrum Potsdam Deutsches GeoForschungsZentrum - GFZ Stiftung des öff. Rechts Land Brandenburg Telegrafenberg, D-14473 Potsdam
