On 24.11.22 at 02:14, Howard Chu wrote:
[email protected] wrote:
Using slapd 2.5 with dynlist to generate memberof.
We use the sssd ldap provider with the ldap_user_search_filter parameter and a memberof
filter, and only the users which are memberof=XY are in the sssd cache. So it
works as expected, since slapd 2.5.
We use ldapsearch with a memberof filter and it works as expected, since slapd 2.5.
I am trying out some webapps, configuring the ldap filter, and I am wondering
because the filter with the memberof attribute is transmitted to slapd but
there is no search result in the slapd.log. If I copy the webapp ldap filter
from the slapd log and try it out with ldapsearch on the webapp server, I get
search results.
Could somebody clarify this for me?
Read the slapo-dynlist(5) manpage, especially the note about the manageDSAit
control. Then check the slapd packet trace and see what
controls the webapp is sending with the search request.
About the controls:
Wireshark told me the manageDSAit control is not sent by the webapp ldap
client and not by ldapsearch (without -M). I never used -M.
The webapp sends the control "pageresultcontrol", size 500, to slapd.
The slapd response back to the client is "pageresultcontrol", size 0.
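
Added example, not part of the original thread: a small BER decoder that lists the controls attached to one LDAPMessage, the check the reply above performs by eye in Wireshark. The sample message is constructed (not a capture from this setup), and the base DN `dc=example,dc=com` and all function names are assumptions.

```python
PAGED = "1.2.840.113556.1.4.319"           # pagedResults control (RFC 2696)
MANAGE_DSA_IT = "2.16.840.1.113730.3.4.2"  # manageDSAit control (RFC 3296)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                        # contents of a constructed element as (tag, value)
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def controls(message):
    """Return [(oid, critical, value_or_None)] for one LDAPMessage (RFC 4511)."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    found = []
    for tag, val in children(body)[2:]:     # skip messageID and protocolOp
        if tag == 0xA0:                     # [0] Controls
            for _, ctl in children(val):
                parts = children(ctl)       # controlType, [criticality], [controlValue]
                critical = any(t == 0x01 and v != b"\x00" for t, v in parts[1:])
                value = next((v for t, v in parts[1:] if t == 0x04), None)
                found.append((parts[0][1].decode("ascii"), critical, value))
    return found

def paged_size(value):
    """Size field of a pagedResults controlValue: SEQUENCE { size, cookie }."""
    _, seq, _ = read_tlv(value, 0)
    return int.from_bytes(children(seq)[0][1], "big", signed=True)

def tlv(tag, payload):                      # short-form encoder, only used to build the sample
    return bytes([tag, len(payload)]) + payload

# Constructed sample: search for (memberOf=XY) with pagedResults size 500, no manageDSAit.
search = tlv(0x63, tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00")
             + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
             + tlv(0xA3, tlv(0x04, b"memberOf") + tlv(0x04, b"XY")) + tlv(0x30, b""))
paged = tlv(0x30, tlv(0x04, PAGED.encode()) + tlv(0x04, tlv(0x30, tlv(0x02, b"\x01\xf4") + tlv(0x04, b""))))
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + search + tlv(0xA0, paged))
```

`controls(SAMPLE)` returns a single non-critical pagedResults entry and `paged_size` decodes its size as 500. In a response, RFC 2696 defines the size field as the server's estimate of the total result count, and a server that has no estimate may set it to zero.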