-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 See, I told you it would be something stupid.
Thanks for the suggestions. After going through my ACLs I noticied I'd forgotten to include a break on a couple of them. Thanks again for the help. Cheers, - -- - ----------------------- Adam Nye Spoon Technologies PO Box 608 Mylor 5153 SA - ----------------------- On 18/08/13 01:16, Hallvard Breien Furuseth wrote: > Adam writes: >> (...) ldapsearch -x -h ldap.example.com -b example.com >> objectclass=organizationalUnit 1 -LLL > > If that command gave the results you show, it's not OpenLDAP > ldapsearch. example.com is not a valid DN, it should be -b > dc=example,dc=com. > > Also the command asks for attributes "1" and "-LLL" to be > returned. Put options before the filter. Also the standard way to > ask for no attrs to be returned is "1.1", not "1". It's a > guaranteed unused OID (object identifier), and OIDs always have at > least 2 components. > >> When I perform the same search against OpenLDAP, I get the >> following: (...) Notice the destinct lack of >> ou=people,dc=example,dc=com and ou=groups,dc=example,dc=com. >> >> I know they're there, because I can create objects etc in them, >> but I'm at a complete loss as to why they don't show up in the >> ldapsearch. > > Maybe your config has access controls which hides them. > > Or maybe these actually do not have objectClass: > organizationalUnit. Try the True filter "(&)" instead: ldapsearch > -x -LL -h ldap.example.com -s base -b cn=people,dc=example,dc=com > "(&)" objectClass > > Or maybe you edited the slapd.conf to add an objectClass index > after loading a few entries? Then the already-added objects would > not get indexed. If so, stop slapd, run slapindex and restart > slapd. (OTOH if you use slapd.d/cn=config and modify the cn=config > over the LDAP protocol, such reindexing happens automatically.) > > Or if the tree is really large and you have not indexed > objectclass, maybe the search hit a time limit and didn't return > everything. Then there should be an error message at the end of > the ldapsearch output. > >> I know I'm obviously doing something stupid here, and again, I >> apologize, but any assistance would be appreciated. > > Hey, relax. And show us your config, after deleting any passwords, > if this doesn't help. It's hard to diagnose without guessing > otherwise. Also show the exact command you used, and whether it > said success or something else. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJSEAkNAAoJEH1iO/rgZIL9qxMIAJw7QAlL2ItJ3s3/2sNa5Vew iypVvUsyiUcW2wD88qtj4N5jVMh5PTCJft0qvNhClpl58Dt9gm9tlBrVM4usnui8 TwtMK3riFhwwrtHFcv7dmbeueugoLyILc6gw2qqDJ91UPEYz7cQlK2ASeSPLgGn0 OyyV/GFQ3AYWLvZewqf1NinGlx9I0E3ztEEzIEz8l9Pno/B3zNjtLIrjTFO4fhQ/ i720Osm9c4pSihbtgQOfAtRbhz6uxWPESFAzcS/0n3hHscVpMBvYJOvsNtGb6vbp Ts7GGzqALItKQPUZhN+szv8G5b4mga2KvhavXG0wMdQrF+0dP6YJ2i3cnDwuc6E= =SO3n -----END PGP SIGNATURE-----
