I have an OpenLDAP server configuration with a translucent_proxy.
This is to enrich the company's LDAP server entries with local attributes. In general it works fine.
I have a company LDAP server, ldap.c.com; this one serves dc=company,dc=com and the usual subtrees (ou=People,group).
I have a local LDAP server, ldap.my.c.com; this one serves an overlay of ou=People,dc=company,dc=com.
So I could ask
ldapsearch -x -H ldap://ldap.c.com/ '(uid=frank)' mail mailLocalAddress
and will get something like
dn:uid=frank,ou=people,dc=company,dc=com
mail: [email protected]
and when asking my local ldap server the same question
ldapsearch -x -H ldap://ldap.my.c.com/ '(uid=frank)' mail mailLocalAddress
I will get my enriched result of
dn:uid=frank,ou=people,dc=company,dc=com
mail: [email protected]
mail: [email protected]
mailLocalAddress: [email protected]
mailLocalAddress: [email protected]
FINE!
But when requesting any objectClass in the filter rule
ldapsearch -x -H ldap://ldap.my.c.com/ '(&(uid=frank)(objectClass=posixAccount))' mail mailLocalAddress
gives me no results at all:
#search result
search: 2
result: 0 success
But the records definitely do have the objectClasses top, Person, inetorgPerson, posixAccount and some more set. So what am I possibly doing wrong?
It looks like you are doing an unauthenticated ldapsearch; this could be the problem. First try to verify if you can see the objectClasses this way with:
If this gives you no output, you probably have some ACL set which prohibits you from seeing that. You can check them locally with something like (depending on your setup):
There you can see who has access to those attributes, and you can use an authenticated ldapsearch (also depending a little bit on your setup):
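The following is an added example, not part of the original answer or the poster's configuration: a small script that applies the comparison the answer describes, checking whether objectClass comes back for an anonymous search and for an authenticated one. The function names, the `BIND_DN` placeholder and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): compare what an anonymous and
# an authenticated search return for objectClass.
# Live capture, with BIND_DN as a placeholder for your own bind DN:
#   anon=$(ldapsearch -x -LLL -H ldap://ldap.my.c.com/ \
#            -b 'ou=People,dc=company,dc=com' '(uid=frank)' objectClass)
#   auth=$(ldapsearch -x -LLL -H ldap://ldap.my.c.com/ -D "$BIND_DN" -W \
#            -b 'ou=People,dc=company,dc=com' '(uid=frank)' objectClass)
#   classify "$anon" "$auth"

# Count the values of attribute $1 in LDIF on stdin (name match is
# case-insensitive; comment lines and continuation lines are ignored).
count_attr() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); n = 0 }
        /^#/  { next }
        { i = index($0, ":")
          if (i > 1 && tolower(substr($0, 1, i - 1)) == want) n++ }
        END   { print n }'
}

# $1 = LDIF from the anonymous search, $2 = LDIF from the authenticated one.
classify() {
    anon_entries=$(printf '%s\n' "$1" | count_attr dn)
    anon_oc=$(printf '%s\n' "$1" | count_attr objectClass)
    auth_oc=$(printf '%s\n' "$2" | count_attr objectClass)
    if [ "$anon_oc" -gt 0 ]; then
        echo "objectclass-visible-anonymously"
    elif [ "$anon_entries" -gt 0 ] && [ "$auth_oc" -gt 0 ]; then
        echo "acl-hides-objectclass-from-anonymous"
    else
        echo "objectclass-not-returned-even-when-authenticated"
    fi
}

# Constructed sample output (not captured from a real server).
ANON_SAMPLE='dn: uid=frank,ou=people,dc=company,dc=com'
AUTH_SAMPLE='dn: uid=frank,ou=people,dc=company,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount'

classify "$ANON_SAMPLE" "$AUTH_SAMPLE"
```

An entry that comes back with only its dn line when objectClass was requested is the pattern to look for in the anonymous result.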