LDAP Search not returning any entries on some filters that 'OR' search components

  • 10085685
  • NOVL91300
  • 31-Jul-2003
  • 31-Jul-2003

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Fact

Novell eDirectory 8.5 for All Platforms

Novell eDirectory 8.6 for All Platforms

Novell eDirectory 8.7 for All Platforms

Symptom

LDAP Search not returning any entries on some filters that 'OR' search components

LDAP Search returns entries when using a supervisor user but not as the anonymous user

Note

This is a two part issue.  First, the search filter must contain multiple components OR'ed together.  For example, a search for all entries with a last name and common name of Smith would look like the following: (|(sn=smith)(cn=smith)).  The second part is that the LDAP user has rights to search on one of the components but not all of them.  In our example, assume that an anonymous bind is done and [Public] only has rights to search on sn but not cn.  (This is the default eDirectory configuration.)  The anonymous user would not be able to find any entries, even though a search with just the filter (sn=smith) could find some.

Fix

You can work-around this issue in two ways.

1. Remove any component that the user does not have the rights to search on.
2. Create the appropriate trustee assignments, such that all of the components can be searched.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.