Stefan Seelmann wrote:
However, when I search for "objectclass=accessControlSubentry", nothing
is returned (with or without the "+" attribute). Even searching for the
explicit dn of a known ACI doesn't return anything.
Do you think this is a "user error", or a problem with the openldap
ldapsearch, or apacheds? I am using the 1.5.4 release.
You need to send the "subentries" control in order to retrieve ACI
entries. For the OpenLDAP CLI client please add the "-E subentries" option.
Example:
ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -W -b
"dc=example,dc=com" -s sub -E subentries
"(objectclass=accessControlSubentry)" "*" "+"
Thanks very much for the quick response, Stefan. That did the trick! I
have just re-checked the man page for ldapsearch and would never have
thought to try "-E subentries" based on the text.
I am grateful for your help. Thanks very much.
Brian
