On 12/14/2015 11:16 PM, Frank Munsche wrote:
Hi Guys,
I'm trying to understand why ldapsearch returns some objects of the dit only
when the dn is set to the object I'm looking for and the search scope has to
be base, e.g.:
There is an object at the dn: cn=repl keep alive 1,dc=example,dc=org"
A search operation using dc=example,dc=org as base and the scope 'sub' will
not return the entry. Setting the search base to the object itself does not
work either:
ldapsearch -H ldap://ldap.example.org -D "cn=directory manager" -w secret -ZZZ
-x -s sub -b "cn=repl keep alive 1,dc=example,dc=org"
# extended LDIF
# LDAPv3
# base <cn=repl keep alive 1,dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# search result
search: 3
result: 0 Success
But using the object's dn and setting the scope to 'base' does return the
ldapsearch -H ldap://ldap.example.org -D "cn=directory manager" -w secret -ZZZ
-x -s base -b "cn=repl keep alive 1,dc=example,dc=org"
# extended LDIF
# LDAPv3
# base <cn=repl keep alive 1,dc=example,dc=org> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
# repl keep alive 1, example.org
dn: cn=repl keep alive 1,dc=example,dc=org
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
cn: repl keep alive 1
# search result
search: 3
result: 0 Success
Does someone have an explanation for this?
Yes. This entry is an "ldapSubEntry". Entries with this objectclass do not appear in regular searches. They only appear if you a) include (objectclass=ldapsubentry) in your search filter or b) specify the DN exactly as the base DN.
thank you,
cheers, frank