[RndTbl] Odd LDAP issue

Robert Keizer robert at keizer.ca
Tue Jul 17 13:52:05 CDT 2012 

Maybe someone can point out that I'm being a complete idiot.

I've got a custom LDAP schema ( see below ) that defines 2 attributes, 
namely "clientAccountEnabled" and "clientDownloadsAvailable". Their 
sytax is defined by the LDAP schema for Boolean and Int values. I'm also 
making use of a "dead-space" OID of 1.1.x until the enterprise 
allocation goes through. The objectClass of "clientAccount" enforces 
that both fields must exist in any object of this type.

I've got a few objects which have the objectType of clientAccount ( 
example below ).

The problem I'm running into is that any filtering I do with these 
fields doesn't work. Only testing that the fields exists seems to work.

1. '(&(uid=robert)(objectClass=clientAccount))' - works
2. '(&(uid=robert)(objectClass=clientAccount)(clientAccountEnabled=*))' 
- works  ( tests if the field exists )
3. 
'(&(uid=robert)(objectClass=clientAccount)(clientAccountEnabled=TRUE))' 
- Fails
4. 
'(&(uid=robert)(objectClass=clientAccount)(!(clientAccountEnabled=TRUE)))' 
- Fails

Obviously 3 and 4 should be mutually exclusive, but nothing shows up. 
I've checked that the field types ( 1.3.6.1.4.1.1466.115.121.1.7 and 
1.3.6.1.4.1.1446.115.121.1.27 ) are valid, as setting them to another 
type fails with syntax errors.

Any thoughts or suggestions would be much appreciated.. I've been 
banging my head against the wall for a couple hours now.

Rob

Schema:

n: cn={4}client,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}client
olcAttributeTypes: {0}( 1.1.1.1 NAME 'clientAccountEnabled' SYNTAX 
1.3.6.1.4.1
  .1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.1.1.2 NAME 'clientDownloadsAvailable' SYNTAX 
1.3.6.1
  .4.1.1466.115.121.1.27 SINGLE-VALUE )
olcObjectClasses: {0}(1.1.2.1 NAME 'clientAccount' DESC 'A Client 
Account' SUP
   top AUXILIARY MUST ( uid $ clientAccountEnabled $ 
clientDownloadsAvailable )
   )


LDAP Object with objectClass=clientAccount:

# robert, people, younessleeptechnologies.com
dn: uid=robert,ou=people,dc=younessleeptechnologies,dc=com
uid: robert
uidNumber: 20000
gidNumber: 20000
cn: robert
sn: robert
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: clientAccount
loginShell: /bin/sh
homeDirectory: /home/robert
clientDownloadsAvailable: 10
clientAccountEnabled: TRUE

More information about the Roundtable mailing list