Trying to practise with LDAP, I changed the top LDIF entry (top container) from "domain" to organizationalUnit+dcObject as follows:

1. Using objectclass domain:

    dn: dc=xen2vm1,dc=example,dc=com
    objectClass: top
    objectClass: domain
    dc: xen2vm1

    [... other entries ... for users ]

2. Using objectclass organizationalUnit:

    dn: dc=xen2vm1,dc=example,dc=com
    objectclass: top
    objectclass: organizationalunit
    objectclass: dcObject
    ou: xen2vm1.example.com
    dc: xen2vm1

    [... other entries ... for users ]

In both cases, the other entries below dc=xen2vm1,dc=example,dc=com are the same.

In the first case, the command

    ldapsearch -x -b dc=xen2vm1,dc=example,dc=com -h xen2vm1.example.com

returns all the other entries. In the second case, the above command returns no errors and nothing at all.

I am new to LDAP and cannot figure out what's wrong with the 2nd case. Any advice is greatly appreciated.

Vu