LDAP > ldapsearch doesn't print the entries when bound as normal user

cbonar · 09-17-2007, 01:19 PM

Hello,

I'm currently setting up a 'home' ldap server for authentication purposes and I'm having problems understanding the output of the ldapsearch command.

In short, my base looks as follows :

Code:

dc = colanet
\--cn = admin
\--ou = people
   \--uid = cbonar

When I'm doing a search on all elements in the base as a user of "ou=people", the answer is the following :

Code:

cbonar@colabox:~$ ldapsearch -x -W -D "uid=cbonar,ou=people,dc=colanet"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

It seems to be ok (numResponses = 1) but why is no entry listed ?
When I do the same command as the admin I've plenty of entries and in the end the following lines :

Code:

...

# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7

Shouldn't the entry of the user who made the search be printed at least ?

mpapet · 09-18-2007, 10:27 AM

Your regular user account needs to have permission to read the whole tree. You need a new entry in slapd.conf for that regular user.

cbonar · 09-22-2007, 01:19 PM

I got it working : it was indeed an access problem.

My slapd.conf had this directive :

Code:

access to *
        by dn="cn=admin,dc=colanet" write
        by * auth
        by self write

Reading the 'access' chapter of the ldap admin guide, I figured out that the order of the 'by who' clauses was wrong : the 'by self' was never matched (because 'by *' applies to all and is read before).

Thanks for giving me the right direction !