On Wed, 23 Mar 2005, Jayesh Kamdar wrote:
The command line - ldapsearch -h ldapsrv1 -b "o=mitre.org" "(&(cn=osis_proxyauth_lg)(member=uid=jkamdar,o=mitre.org))"
results in 0 matches. If I understand right, with this command, I am searching jkamdar in the group called osis_proxyauth_lg, correct? Eventhough, I am in that group, the search comes up empty.
This seach searches for an LDAP object with the values
cn=osis_proxyauth_lg and member=uid=jkamdar,o=mitre.org
Now, this assumes a number of things about your LDAP directory which may or may not be true depending on your LDAP directory structure
Assumption 1: Your LDAP base DN is o=mitre.org
Assumption 2: Groups are named by the CN attribute
Assumption 3: The group you are interested in is named osis_proxyauth_lg
Assumption 4: The DN of your Person object is "uid=jkamdar,o=mitre.org"
Assumption 5: Groups in your LDAP directory is following the LDAP standard method of making groups by listing the members in member attributes carrying the DN of the user being member of the group.
You can verify each of these assumptions by the following searches
1: ldapsearch -h ldapsrv1 -s base -b o=mitre.org
2,3,5: ldapsearch -h ldapsrv1 -b o=mitre.org cn=osis_proxyauth_lg
4: ldapsearch -h ldapsrv1 -b uid=jkamdar,o=mitre.org
Regards Henrik
