Hello there, I feel like spamming the list, but I now think it's a more and more OpenLDAP Server-related "problem" (for me it's not a feature ;) ).
http://bacedifo.blogspot.com/2009/09/server-side-sort-with-openldap2418.html

I could reproduce the problem on 2.4.20, but haven't been able to set up an older version to test that, yet.
Some ideas related to that? :/

Bye.

On Fri, Oct 15, 2010 at 15:28, Benjamin Griese <[email protected]> wrote:
> Hello guys,
> I got a problem while pulling information with the native ldap client
> on my various solaris 10 machines from an openldap2-2.4.23-116.1
> Maybe someone has any ideas, because I am on the end of mine.
> I don't know what to do in the further steps to solve the problem.
> the important information is below.
>
> thanks for your help.
>
> kind regards, benjamin.
>
> =============================================================
>
> on the solaris box:
>
> solaris profile pulled from DIT, runs absolutely fine, but is maybe not
> perfect for openldap
> # ldapclient list
> NS_LDAP_FILE_VERSION= 2.0
> NS_LDAP_BINDDN= cn=proxyuser,ou=system,ou=people,dc=example,dc=de
> NS_LDAP_BINDPASSWD= secret
> NS_LDAP_SERVERS= ldap01 ldap02
> NS_LDAP_SEARCH_BASEDN= dc=example,dc=de
> NS_LDAP_AUTH= simple
> NS_LDAP_SEARCH_REF= FALSE
> NS_LDAP_SEARCH_SCOPE= sub
> NS_LDAP_SEARCH_TIME= 30
> NS_LDAP_CACHETTL= 60
> NS_LDAP_PROFILE= solaris_profile
> NS_LDAP_CREDENTIAL_LEVEL= proxy
> NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=people,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= sudoers: ou=SUDOers,dc=example,dc=de?sub
> NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=people,dc=example,dc=de?sub
> NS_LDAP_BIND_TIME= 10
> NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixGroup
> NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
> NS_LDAP_OBJECTCLASSMAP= sudoers:sudoRole=sudoRole
>
> # ldaplist passwd
> ldaplist: Object not found (LDAP ERROR (18): Inappropriate matching.)
> getent passwd/group don't show anything, but strangely, a single
> "id <username>" shows the user information I was expecting.
>
> on sles11sp1/openldap2-2.4.23-116.1
> (http://download.opensuse.org/repositories/network:/ldap:/OpenLDAP:/RE24/SLE_11_SP1/)
>
> that's what I see in the logs on the openldap-server, right after
> typing "ldaplist passwd" on the solaris box
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=default,ou=pwdpolicy,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: result not in cache (userPassword)
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access to "cn=proxyuser,ou=system,ou=people,dc=example,dc=de" "userPassword" requested
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_get: [1] attr userPassword
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: access to entry "cn=proxyuser,ou=system,ou=people,dc=example,dc=de", attr "userPassword" requested
> Oct 15 14:37:33 examplehost slapd[8339]: => acl_mask: to value by "", (=0)
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=ldapadm,dc=example,dc=de
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: cn=proxyuser,ou=system,ou=people,dc=example,dc=de ## just for testing purpose
> Oct 15 14:37:33 examplehost slapd[8339]: <= check a_dn_pat: anonymous
> Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] applying auth(=xd) (stop)
> Oct 15 14:37:33 examplehost slapd[8339]: <= acl_mask: [3] mask: auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: => slap_access_allowed: auth access granted by auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: => access_allowed: auth access granted by auth(=xd)
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
> Oct 15 14:37:33 examplehost slapd[8339]: => bdb_entry_get: found entry: "cn=proxyuser,ou=system,ou=people,dc=example,dc=de"
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 do_search: get_ctrls failed
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
> Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 closed
>
> that seems to be a problem with a supportedControl of the ldap-server
> which the solaris ldap client is unable to handle, because the local
> openldap-client in the sles-server has absolutely no problem binding
> and getting infos.
> is this kind of offtopic for this list?
>
> http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc_5.2/admin_gd368.htm
>
> says 18 LDAP_INAPPROPRIATE_MATCHING Inappropriate matching. Filter type
> not supported for the specified attribute.
>
> but I don't know what to do
> this seems kind of related to this problem, maybe it's the same:
> http://markmail.org/message/dgtk3rpihvkqndqx#query:serverSort%20control%3A%20No%20ordering%20rule+page:2+mid:y4wsxfbqdwtreerp+state:results
>
> --
> To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
> be is to do -- Sartre | Do be do be do -- Sinatra
>

--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
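
Added example, not part of the original post and not OpenLDAP code: a small Python triage script that groups slapd log lines like the ones quoted above by `conn=` and reports, per client, searches rejected with err=18 on the serverSort control and simple binds logged with `ssf=0`. The log lines are copied from the post with the mail wrapping undone; the function names `summarize` and `findings` are made up for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the post above (mail-client wrapping undone, trace lines omitted).
SAMPLE_LOG = """\
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 fd=22 ACCEPT from IP=10.0.0.1:45604 (IP=0.0.0.0:389)
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" method=128
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 BIND dn="cn=proxyuser,ou=system,ou=people,dc=example,dc=de" mech=SIMPLE ssf=0
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=0 RESULT tag=97 err=0 text=
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 SEARCH RESULT tag=101 err=18 nentries=0 text=serverSort control: No ordering rule
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=1 do_search: get_ctrls failed
Oct 15 14:37:33 examplehost slapd[8339]: conn=1160 op=2 UNBIND
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([^ ]+)")
BIND = re.compile(r'op=\d+ BIND dn="([^"]*)" mech=(\S+) ssf=(\d+)')
RESULT = re.compile(r"op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)(?: nentries=\d+)? text=(.*)$")

def summarize(log_text):
    """Group slapd lines by conn= id and return one summary dict per connection."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None, "mech": None, "ssf": None, "failed": []})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # ACL and backend trace lines carry no conn= id
        c, rest = conns[int(m.group(1))], m.group(2)
        if (a := ACCEPT.search(rest)):
            c["client"] = a.group(1)
        elif (b := BIND.search(rest)):
            c["bind_dn"], c["mech"], c["ssf"] = b.group(1), b.group(2), int(b.group(3))
        elif (r := RESULT.search(rest)) and r.group(3) != "0":
            c["failed"].append({"op": int(r.group(1)), "tag": int(r.group(2)), "err": int(r.group(3)), "text": r.group(4)})
    return dict(conns)

def findings(log_text):
    """Return (conn, client, issue) tuples for rejected sort controls and unprotected simple binds."""
    out = []
    for cid, c in sorted(summarize(log_text).items()):
        for f in c["failed"]:
            if f["err"] == 18 and f["text"].startswith("serverSort control"):
                out.append((cid, c["client"], "search rejected: " + f["text"]))
        # ssf=0 means no TLS or SASL security layer: the simple-bind password was sent in clear.
        if c["mech"] == "SIMPLE" and c["ssf"] == 0:
            out.append((cid, c["client"], "simple bind with ssf=0 for " + c["bind_dn"]))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE_LOG), sep="\n")
```

Run against a full slapd log, the same grouping shows which client addresses keep sending the rejected sort control and which bind DNs authenticate without transport protection.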
