Problem is resolved. Your hint around "single match" made it work. I did not realize openxpki is strict on the count of returned values. Explains exactly why uid=first.last works but uid=* doesn't.
Not openxpki but related, this makes sense. We have another LDAP consumer acting strange based on multiple returned groups and the consumer having to pick one of them (usually the first or last). Jess On Tue, Aug 31, 2021 at 6:06 AM Oliver Welter <[email protected]> wrote: > What connector are you talking about and what are you trying to achive? > > You usually need to pass an argument to the filter expression to select > the correct item, have a look at the examples, e.g.: > > filter => '(&(uid=[% LOGIN %])(accountStatus=active))' > > In the most places the connectors are supposed to return a single match. > > regards > > Oliver > > Am 30.08.21 um 23:35 schrieb Jess Johnson: > > I'm still having problems with LDAP filters in the realm connector. > > Version openxpki 3.14 connecting to 389-ds > > Does anyone have any suggestions? > > To reiterate: > This works with openxpki (verifies that the bind dn, password and baseDN > are correct) > filter: "(uid=first.last)" > > These both work fine with ldapsearch, but NOT openxpki > filter: "(uid=*)" > filter: > "(memberOf=CN=pkiadmin,OU=groups,OU=redacted,OU=redacted,DC=redacted,DC=redacted)" > > > > > > > > On Thu, Aug 19, 2021 at 8:26 AM Jess Johnson <[email protected]> wrote: > >> Hello. I'm setting up openxpki with our redhat 389-ds server but having a >> problem with the filter. >> >> This works >> filter: "(uid=first.last)" >> >> None of this works: >> filter: "(uid=*)" >> filter: "(memberOf=cn=pkiadmin)" >> filter: >> "(memberOf=CN=pkiadmin,OU=groups,OU=redacted,OU=redacted,DC=redacted,DC=redacted)" >> filter: >> "(cn=pkiadmin,ou=groups,ou=redacted,ou=redacted,dc=redacted,dc=redacted)" >> >> Thoughts? >> >> Jess >> > > > _______________________________________________ > OpenXPKI-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
