Re: [nssldap] Error in creating filter with nss_ldap
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] Error in creating filter with nss_ldap
- From: Alex Samad <alex [at] samad.com.au>
- To: nssldap [at] padl.com
- Subject: Re: [nssldap] Error in creating filter with nss_ldap
- Date: Sun, 23 Dec 2007 16:55:38 +1100
On Sat, Dec 22, 2007 at 11:40:22PM -0000, Markus Moeller wrote:
> I use OpenSuse 10.3 with nss_ldap 257 and try to use AD as ldap server. When
> I use the following ldap.conf file:
>
> ldap_version 3
> uri ldap://w2k3r2.win2003r2.home/
> base DC=win2003r2,DC=home
> binddn cn=ldap user,cn=users,dc=win2003r2,dc=home
> bindpw secret
> scope sub
> bind_policy soft
> nss_initgroups_ignoreusers root,ldap
> nss_schema rfc2307bis
>
> nss_map_attribute uidnumber employeeid
>
> nss_base_passwd
> cn=users,dc=win2003r2,dc=home?sub?(&(&(objectclass=user)(uidnumber=*))(employeeid=*))
> nss_base_shadow
> cn=users,dc=win2003r2,dc=home?sub?(&(&(objectclass=user)(uidnumber=*))(employeeid=*))
> nss_base_group
> cn=users,dc=win2003r2,dc=home?sub?(&(objectclass=group)(gidnumber=*))
>
> I don't get any valid responses (despite having valid entries in AD as I
> checked with ldapsearch) . I recompiled nss_ldap with debug and some extra
> output. The output is below and it looks like nss_ldap is builing an invalid
> filter.
>
> Is this a bug ?
if it helps this is my file from libnss.conf
nss_base_passwd
dc=samad,dc=com,dc=au?sub?|(host=hufpuf.lan1.hme1.samad.com.au)(|(host=hme1.samad.com.au)(host=samad.com.au))
nss_base_shadow
dc=samad,dc=com,dc=au?sub?|(host=hufpuf.lan1.hme1.samad.com.au)(|(host=hme1.samad.com.au)(host=samad.com.au))
notice the unmatch ) at the end, I think i found this by looking through the
code
>
> Thank you
> Markus
>
>
> nss_ldap: ==> _nss_ldap_enter
> nss_ldap: <== _nss_ldap_enter
> nss_ldap: ==> _nss_ldap_ent_context_init_locked
> nss_ldap: <== _nss_ldap_ent_context_init_locked
> nss_ldap: ==> _nss_ldap_leave
> nss_ldap: <== _nss_ldap_leave
> nss_ldap: ==> _nss_ldap_enter
> nss_ldap: <== _nss_ldap_enter
> nss_ldap: ==> _nss_ldap_getent_ex
> nss_ldap: ==> _nss_ldap_ent_context_init_locked
> nss_ldap: <== _nss_ldap_ent_context_init_locked
> nss_ldap: ==> _nss_ldap_search
> nss_ldap: ==> do_init
> nss_ldap: ==> do_close
> nss_ldap: <== do_close
> nss_ldap: ==> do_close
> nss_ldap: <== do_close
> nss_ldap: ==> do_atfork_setup
> nss_ldap: <== do_atfork_setup
> nss_ldap: ==> _nss_ldap_add_uri
> nss_ldap: <== _nss_ldap_add_uri: added URI ldap://w2k3r2.win2003r2.home/
> nss_ldap: <== do_init (initialized session)
> nss_ldap: ==> do_filter
> nss_ldap: :== do_filter:
> (&(&(objectClass=posixGroup))((&(objectclass=group)(gidnumber=*))))
> nss_ldap: <== do_filter
> nss_ldap: ==> do_with_reconnect
> nss_ldap: ==> do_open
> nss_ldap: ==> do_init
> nss_ldap: <== do_init (initialized session)
> nss_ldap: ==> do_bind
> nss_ldap: <== do_bind
> nss_ldap: ==> do_set_sockopts
> nss_ldap: <== do_set_sockopts
> nss_ldap: <== do_open (session connected to DSA)
> nss_ldap: ==> do_search
> nss_ldap: <== MM Filter:
> (&(&(objectClass=posixGroup))((&(objectclass=group)(gidnumber=*))))
> nss_ldap: <== MM rc: -7(Bad search filter)
> nss_ldap: <== do_search
> nss_ldap: <== do_with_reconnect
> nss_ldap: <== _nss_ldap_search
> nss_ldap: <== _nss_ldap_getent_ex
> nss_ldap: ==> _nss_ldap_leave
> nss_ldap: <== _nss_ldap_leave
> nss_ldap: ==> _nss_ldap_enter
> nss_ldap: <== _nss_ldap_enter
> nss_ldap: ==> _nss_ldap_ent_context_release
> nss_ldap: <== _nss_ldap_ent_context_release
> nss_ldap: ==> _nss_ldap_leave
> nss_ldap: <== _nss_ldap_leave
>
>
>
>
>
>
