Re: LDAPGROUPs

Thu, 09 Sep 2004 08:26:04 -0700 

I'got it!

The problem is with my OpenLDAP server... I'll trying with the IPlanet Directory Server and all it's allright.

I will check for information about it...

Pending to add qmailUser to my mail group.

Tx a lot.


Claudio Jeker wrote: 
On Thu, Sep 09, 2004 at 03:43:02PM +0200, Saxa Egea wrote:

Nice try!

But I get no answer. And in the ldap log appers:

Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=0 BIND dn="cn=Manager,o=Mango,c=ES" mech=SIMPLE ssf=0
Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=0 RESULT tag=97 err=0 text=
Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=1 SRCH base="o=Mango,c=ES" scope=2 deref=0 nfilter="(&(ou:dn:=mangocentral)(o:dn:=mango)(c:dn:=es)(objectClass=qmailUser))"
Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=1 SRCH attr=cn
Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=2 UNBIND
Sep 9 15:32:23 ideafix slapd[985]: conn=262 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 9 15:32:23 ideafix slapd[985]: conn=262 fd=8 closed


If the filter must be in reverse order (from upper to lower) I get the same result:

Sep 9 15:33:35 ideafix slapd[985]: conn=263 fd=8 ACCEPT from IP=192.168.55.127:38130 (IP=0.0.0.0:389)
Sep 9 15:33:35 ideafix slapd[985]: conn=263 op=0 BIND dn="cn=Manager,o=Mango,c=ES" method=128
Sep 9 15:33:35 ideafix slapd[985]: conn=263 op=0 BIND dn="cn=Manager,o=Mango,c=ES" mech=SIMPLE ssf=0
Sep 9 15:33:35 ideafix slapd[985]: conn=263 op=0 RESULT tag=97 err=0 text=
Sep 9 15:33:35 ideafix slapd[985]: conn=263 op=1 SRCH base="o=Mango,c=ES" scope=2 deref=0 filter="(&(c:dn:=es)(o:dn:=mango)(ou:dn:=mangocentral)(objectClass=qmailUser))"
Sep 9 15:33:35 ideafix slapd[985]: conn=263 op=1 SRCH attr=cn
Sep 9 15:33:36 ideafix slapd[985]: conn=263 op=2 UNBIND
Sep 9 15:33:36 ideafix slapd[985]: conn=263 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Sep 9 15:33:36 ideafix slapd[985]: conn=263 fd=8 closed

As you can see the base still being the same.

Could you explain me your answer?



The base dn is still the same but the filter enforces that only a part of
the base dn will match. I don't know why the filter does not return any
element but you can play around with ldapsearch and the filter.
Also I don't know if the second `:' is needed.


And you say that I need UID in the qmailGroup entry. Then I to add the qmailUser objectClass? 


Yes you need to add the qmailUser objectclass.

Reply via email to