Discussion:
ldapsearch basics
benjamin thielsen
2005-04-15 00:41:38 UTC
hi-

i'm having trouble doing a basic ldap search. the command i'm using is:

ldapsearch -vx "(uid=luna)" - which gives me the following:

20:38:25(***@under)/etc/ldap>ldapsearch -vx "(uid=luna)"
ldap_initialize( <DEFAULT> )
filter: (uid=luna)
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=luna)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

however, if i use this command instead:

ldapsearch -vx "(uid=luna*)" - i get the expected results:

20:38:28(***@under)/etc/ldap>ldapsearch -vx "(uid=luna*)"
ldap_initialize( <DEFAULT> )
filter: (uid=luna*)
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=luna*)
# requesting: ALL
#

# luna, People, groundnoise.net
dn: uid=luna,ou=People,dc=groundnoise,dc=net
uid: luna
cn: luna
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 12729
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/luna
gecos: luna,,,

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

i can do searches on any other attribute aside from uid, and not need
to add the * at the end of the filter, but for a reason i have yet to
figure out, the uid attribute filter seems to behave differently.

any ideas?

thanks
-ben
Craig White
2005-04-15 06:43:28 UTC
indexes?

what does index section of slapd.conf look like?

ls -l /var/lib/ldap (or wherever your ldap data is stored)

are the files owned by ldap:ldap ?

is there a file ? owned by ldap:ldap ?
# ls -l /usr/local/var/openldap-data/uid.bdb
-rw------- 1 ldap ldap 225280 Feb 28 13:10 /usr/local/var/openldap-data/uid.bdb

perhaps you need to run slapindex.
perhaps you need to change the ownership of the file per above.
perhaps you haven't declared the uid to have an index

Craig
benjamin thielsen
2005-04-15 22:09:15 UTC
Post by Craig White
indexes?
what does index section of slapd.conf look like?
ls -l /var/lib/ldap (or wherever your ldap data is stored)
are the files owned by ldap:ldap ?
is there a file ? owned by ldap:ldap ?
# ls -l /usr/local/var/openldap-data/uid.bdb
-rw------- 1 ldap ldap 225280 Feb 28 13:10 /usr/local/var/openldap-data/uid.bdb
perhaps you need to run slapindex.
perhaps you need to change the ownership of the file per above.
perhaps you haven't declared the uid to have an index
Craig
running slapindex solved the problem. i clearly need a better
understanding of the role indexes play. i had always thought that not
indexing meant searches would be slower, but still yield the same
results - but is this not the case?

i gather slapindex should be run on some sort of regular basis?

thanks
-ben
Wil Cooley
2005-04-16 03:45:00 UTC
Post by benjamin thielsen
running slapindex solved the problem. i clearly need a better
understanding of the role indexes play. i had always thought that not
indexing meant searches would be slower, but still yield the same
results - but is this not the case?
i gather slapindex should be run on some sort of regular basis?
Only when you update the list of indexes in the configuration. What
happened, I suspect, is that you updated the index config and hadn't
rebuilt the indexes. slapd saw the configured indexes and assumed that
everything it was searching for should have been in indexes, so it
didn't perform a full database search.

Here's a page I wrote up when I was trying to figure out how to keep the
LDAP server on-line as much as possible when updating the indexes. It's
kinda obvious when you think about it, but it took me a couple think-o's
before I got it right:

http://nakedape.cc/wiki/ApplicationNotes_2fLdapNotes

Wil
--
Wil Cooley wcooley-***@public.gmane.org
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
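
Added example, not part of the original thread: a shell check that automates Craig's questions above (which attributes slapd.conf declares indexes for, whether the matching .bdb file exists in the data directory, and who owns it). It assumes the back-bdb layout shown in the thread, one `<attr>.bdb` file per indexed attribute; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# check_indexes CONF DATADIR [OWNER]
# For every attribute named on an "index" line of CONF, print one line:
#   "<attr> ok", "<attr> missing" or "<attr> owner=<actual owner>"
# Returns 0 only when every declared index file exists and belongs to
# OWNER (user name or numeric uid, default: ldap).
check_indexes() {
    conf=$1 datadir=$2 owner=${3:-ldap} rc=0
    # Field 2 of an index directive is a comma-separated attribute list.
    for attr in $(awk 'tolower($1) == "index" { gsub(",", " ", $2); print $2 }' "$conf"); do
        # "index default ..." only sets default index types; it has no file.
        [ "$attr" = "default" ] && continue
        f="$datadir/$attr.bdb"
        if [ ! -f "$f" ]; then
            echo "$attr missing"; rc=1
        elif [ -n "$(find "$f" -user "$owner" 2>/dev/null)" ]; then
            echo "$attr ok"
        else
            echo "$attr owner=$(ls -ld "$f" | awk '{ print $3 }')"; rc=1
        fi
    done
    return $rc
}

# Constructed sample (not from the thread): a slapd.conf fragment that
# declares an index on uid, and a data directory where uid.bdb was never built.
make_sample() {
    mkdir -p "$1/data"
    cat > "$1/slapd.conf" <<'EOF'
# constructed example configuration
database  bdb
directory /var/lib/ldap
index     objectClass      eq
index     uid,uidNumber    eq
index     default          pres,eq
EOF
    : > "$1/data/objectClass.bdb"
    : > "$1/data/uidNumber.bdb"
}

# Typical call, using the paths mentioned in the thread:
#   check_indexes /etc/ldap/slapd.conf /var/lib/ldap ldap
```

A `missing` or `owner=` line points at the situation discussed in this thread and is the cue to rebuild with slapindex. An `ok` line only shows that the file is present with the expected owner, not that the index was rebuilt after the last configuration change.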