[prev in list] [next in list] [prev in thread] [next in thread] 

List:       perl-ldap-dev
Subject:    Re: Subtree search.
From:       Chris Ridd <chrisridd () mac ! com>
Date:       2004-11-25 18:51:38
Message-ID: BDCBDA3A.6E232%chrisridd () mac ! com
[Download RAW message or body]

On 25/11/04 6:39 pm, Relho de Couro <relho.de.couro@gmail.com> wrote:

> Hi,
> 
> Well, I'm having a little trouble with (perl-ldap)->search. Actually,
> I don't know if the issue resides on this search method. I have a LDAP
> data base managed by OpenLDAP. I've an organizational subtree called
> ou=Management,dc=Department,dc=Institution. In slapd.conf I've
> permissions like these:
> 
> access to dn=".*ou=Management,dc=Department,dc=Institution"
>           by anonymous auth
>           by dn="cn=Manager,ou=Administration,dc=Department,dc=Institution"
> +wrscx
>           by dn=".*,dc=Department,dc=Institution" =r
>           by self write
> 
> The problem is: I cannot access (lets say, read) the complete subtree
> entries (from ou=Management,dc=Department,dc=Institution) using
> cn=Manager,ou=Administration,dc=Department,dc=Institution as the
> binder DN. Yet, using the main OpenLDAP manager DN
> (cn=root,dc=Department,dc=Institution) I can read all the subtree
> entries (entries I mean by leaf DNs, subtree DNs and their leaf DNs,
> and so on), using the same perl code of course.
> 
> ( seach query: $ldap->search(base=>$SubtreeDN, scope=>'sub',
> filter=>"(objectclass=*)"); )
> 
> Could anyone give any suggestion/idea on what could be going on, please?

I suspect you should try to reproduce your problems using the commandline
tool that OpenLDAP ships (ldapsearch) and ask your question on an OpenLDAP
list :-)

Cheers,

Chris


[prev in list] [next in list] [prev in thread] [next in thread]