RE: [EXT] Re: Q: Unexpected ldapsearch results (result incomplete)

Thu, 26 Jun 2025 00:43:30 -0700 

Sorry for the lengthy delay: Somehow the user actually used for binding was not 
the one expected; using the admin user to read returned all entries! Sorry for 
the noise.

Kind regards,
Ulrich Windl

> -----Original Message-----
> From: Ondřej Kuzník <on...@mistotebe.net>
> Sent: Monday, June 23, 2025 12:12 PM
> To: Windl, Ulrich <u.wi...@ukr.de>
> Cc: openldap-technical@openldap.org
> Subject: [EXT] Re: Q: Unexpected ldapsearch results (result incomplete)
> 
> On Fri, Jun 20, 2025 at 10:59:45AM +0000, Windl, Ulrich wrote:
> > Hi!
> >
> > I thought I had exported a subtree of out OpenLDAP 2.4 server, when I
> > realized that the result is incomplete. So I started investigating
> > (still OpenLDAP 2.4):
> >
> > # ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "$BASE" -s one  -o ldif-wrap=no
> '(objectClass=ipService)'
> >
> > ### produces a lot of entries but at least one specific entry is missing!
> >
> > When trying to add the entry I get "Already exists (68)" from ldapadd
> > for cn=zip@6/ddp, "$BASE
> >
> > # ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "$BASE" -s one  -o ldif-wrap=no
> '(cn=zip@6/ddp)'
> >
> > Finds the entry
> >
> > # ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "$BASE" -s one  -o ldif-wrap=no
> ' (&(objectClass=ipService)(cn=zip@6/ddp))'
> >
> > Also finds the entry
> >
> > # ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b "$BASE" -s one  -o ldif-wrap=no
> '(&(objectClass=ipService))' | grep cn=zip
> >
> > Results in no match
> >
> > I don't have a sizelimit set when searching.
> >
> > Adding options like "-z 99999 -l 30" had no effect.
> >
> > Any ideas?
> 
> Hi Ulrich,
> what is the identity you're running the search as? How does it interact
> with ACLs? My best guess is that you don't have at least search access
> to objectClass=ipService or the (unchecked?) limit is hit. Check the
> logs as well.
> 
> And when "exporting" a DB, you should probably use slapcat.
> 
> Regards,
> 
> --
> Ondřej Kuzník
> Senior Software Engineer
> Symas Corporation                       http://www.symas.com
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP

Reply via email to