> i just happened to notice that the following search(es) don't return the > expected results: > >>ldapsearch -xs base -b '' + > # extended LDIF > # > # LDAPv3 > # base <> with scope baseObject > # filter: (objectclass=*) > # requesting: + > # > > # search result > search: 2 > result: 0 Success > > # numResponses: 1 > >>ldapsearch -xs base -b '' namingContexts > # extended LDIF > # > # LDAPv3 > # base <> with scope baseObject > # filter: (objectclass=*) > # requesting: namingContexts > # > > # search result > search: 2 > result: 0 Success > > # numResponses: 1 > > > below is the debug output from slapd for the first search - what am i > doing wrong? > > i'm using 2.4.21, courtesy of ubuntu.
[...] > conn=1000 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" > conn=1000 op=1 SRCH attr=+ > => test_filter > PRESENT > => access_allowed: search access to "" "objectClass" requested > => acl_get: [1] attr objectClass > => acl_mask: access to entry "", attr "objectClass" requested > => acl_mask: to all values by "", (=0) > <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth > <= check a_dn_pat: * > <= acl_mask: [2] applying +0 (break) > <= acl_mask: [2] mask: =0 > <= acl_get: done. > => slap_access_allowed: no more rules > => access_allowed: no more rules > <= test_filter 50 This 50 means insufficient access, as pointed out by the above logs. Your ACLs prevent searching the rootDSE entry. p.
