When executing commands from the command line shell, both & and ( are special characters and need to be within quotes. Also, LDAP does not make use of quoting.

Try this slight variation of the same command:

ldapsearch -h 172.25.0.19 -p 389 "(&(member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag)(cn=CAS_NU_Internetuser))"

The point is not that the two objects are different, the point is what each object contains and how this translates to search filters.

An LDAP filter can only match a single object. A search filter for looking up a user object is different from a search filter used for looking up if a user is a member of a certain group, because the objects the two filters look for are fundamentally different in their content and structure.

Regards
Henrik

Thu 2003-04-03 at 12.13, [EMAIL PROTECTED] wrote:
> Of course there are differences, I have seen this before
>
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 uid="vogels"
> CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
> cn=Stefan Vogel
> shortname=VogelS
> uid=VogelS
> [EMAIL PROTECTED]
> objectclass=top
> objectclass=person
> objectclass=organizationalPerson
> objectclass=inetOrgPerson
> objectclass=dominoPerson
> givenname=Stefan
> sn=Vogel
>
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 cn="CAS_NU_Internetuser"
> CN=CAS_NU_Internetuser
> cn=CAS_NU_Internetuser
> [EMAIL PROTECTED]
> objectclass=top
> objectclass=groupOfNames
> objectclass=dominoGroup
> member=CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag
> member=CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
> member=CN=Stephan Malaga,OU=nu,OU=eu,OU=au,O=cag
>
> but when I try this
> D:\Lotus\Domino>ldapsearch -h 172.25.0.19 -p 389 (&(member="CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag")(cn="CAS_NU_Internetuser"))
>
> it results in this
> (cn was unexpected at this time.
> which I don't understand.
>
> Regards
> Stefan
>
>
> Henrik Nordstrom <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> 02.04.2003 17:01
> cc: [EMAIL PROTECTED]
> Subject: Re: [squid-users] Authentification against DominoNotes LDAP
>
> ldapsearch expects a single LDAP filter argument. The next argument is
> what data you want to have returned. To search for an object having both
> attributes uid=vogels and cn=CAS_NU_Internetuser the filter becomes
>
> (&(uid=vogels)(cn=CAS_NU_Internetuser))
>
> However, this does not make sense as the group does not have
> uid=vogels.. uid=vogels belongs to the user object, while
> cn=CAS_NU_Internetuser belongs to the group object.
>
> To get a better understanding of how groups work in LDAP try these two
> searches:
>
> ldapsearch ... uid=vogels
>
> ldapsearch ... cn=CAS_NU_Internetuser
>
> and then compare the returned data, considering that the first is a
> user, the second a group with several users as members..
>
> Regards
> Henrik
>
> Wed 2003-04-02 at 15.43, [EMAIL PROTECTED] wrote:
> > I have used your syntax with the changed groupname:
> >
> > squid_ldap_group -b "o=cag" -f "(&(cn=CAS_NU_Internetuser)(objectClass=groupOfNames)(member=%u))" -F "(&(uid=%s)(objectClass=Person))" 172.25.0.19
> >
> > Of course I have tried ldapsearch on my Server, with:
> > ldapsearch -h 172.25.0.19 -p 389 uid="vogels" cn="CAS_NU_Internetuser"
> > as result I get:
> > CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag
> > which is correct for my name. The result is the entry that is in the
> > "member-field" of the group
> > Tests with other users are resulting in their names, even if they are not
> > in the group.
> >
> > Maybe I do not completely understand ldap :-(
> >
> > Regards
> > Stefan
> >
> >
> > Henrik Nordstrom <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > 02.04.2003 14:27
> > cc: [EMAIL PROTECTED]
> > Subject: Re: [squid-users] Authentification against DominoNotes LDAP
> >
> > Exactly what are you using now?
> >
> > Have you tried using the ldapsearch tool to gain an understanding of the
> > LDAP structure of your server?
> >
> > Regards
> > Henrik
> >
> > Wed 2003-04-02 at 13.53, [EMAIL PROTECTED] wrote:
> > > Hello,
> > >
> > > I have checked your syntax, but it still does not work.
> > >
> > > I have now renamed the group to "CAS_NU_Internetuser", so it now does not
> > > have any spaces anymore, but this is still not working.
> > >
> > > When I start the script on the shell, I enter the Shortname (vogels) and
> > > the groupname (cas_nu_internetuser) separated by a blank. As result I
> > > always get ERR.
> > >
> > > Any more ideas?
> > > Is there a way to see more detailed results, but ERR?
> > >
> > > Regards
> > > Stefan
> > >
> > >
> > > Henrik Nordstrom <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > 02.04.2003 11:45
> > > cc: [EMAIL PROTECTED]
> > > Subject: Re: [squid-users] Authentification against DominoNotes LDAP
> > >
> > > Wed 2003-04-02 at 09.56, [EMAIL PROTECTED] wrote:
> > > > Thanks, it didn't install correctly, but now I found it in the
> > > > source directory.
> > > >
> > > > Nevertheless I did not get it working.
> > > > I have a group called "Internetuser NU" and a basedn "o=cag"
> > > > I have tried
> > > > squid_ldap_group -b "o=cag" -f "Internetuser NU" -F uid=%s 172.25.0.19
> > >
> > > The above -f argument is not a valid LDAP filter specification...
> > >
> > > Try this
> > >
> > > squid_ldap_group -b "o=cag" -f "(&(cn=Internetuser NU)(objectClass=groupOfNames)(member=%u))" -F "(&(uid=%s)(objectClass=Person))" 172.25.0.19
> > >
> > > --
> > > Henrik Nordstrom <[EMAIL PROTECTED]>
> > > MARA Systems AB, Sweden
> >
> > --
> > Henrik Nordstrom <[EMAIL PROTECTED]>
> > MARA Systems AB, Sweden
>
> --
> Henrik Nordstrom <[EMAIL PROTECTED]>
> MARA Systems AB, Sweden

--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden

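An added illustration, not part of the thread and not code from squid_ldap_group: a minimal in-memory filter matcher run over entries constructed from the ldapsearch output quoted above. It shows why the combined uid/cn filter matches no object while the member/cn filter matches the group, and walks the two-step lookup with the `%s` user filter followed by the `%u` group filter. The `Test User` entry, the function names and the RFC 4515 escaping of substituted values are assumptions of this example.

```python
import re
# Constructed sample directory based on the quoted ldapsearch output; "Test User" is an invented non-member.
USER_DN = "CN=Stefan Vogel,OU=nu,OU=eu,OU=au,O=cag"
ENTRIES = {
    USER_DN: {"uid": ["VogelS"], "cn": ["Stefan Vogel"], "objectclass": ["top", "person"]},
    "CN=Test User,OU=nu,OU=eu,OU=au,O=cag": {"uid": ["TestU"], "cn": ["Test User"], "objectclass": ["top", "person"]},
    "CN=CAS_NU_Internetuser": {"cn": ["CAS_NU_Internetuser"], "objectclass": ["top", "groupOfNames"],
                               "member": ["CN=Klaus Steger,OU=nu,OU=eu,OU=au,O=cag", USER_DN]},
}

def escape(value):
    """Escape a value per RFC 4515 before substituting it into a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError("malformed composite at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, val = f[i:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":  # equality only, compared case-insensitively
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

def search(filter_text):
    """Return the DNs of all entries that satisfy the whole filter."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return [dn for dn, entry in ENTRIES.items() if matches(node, entry)]

def is_member(login, user_filter, group_filter):
    """Resolve login to exactly one DN (%s), then look for a group matching %u."""
    users = search(user_filter.replace("%s", escape(login)))
    return len(users) == 1 and bool(search(group_filter.replace("%u", escape(users[0]))))
```

Every filter is evaluated against one entry at a time, which is why a filter mixing a user attribute with a group attribute returns nothing.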