When I perform a search of my LDAP server using '(&(objectclass=person)(email=craigp*)' unless the objectclass of person is within the first 5 of a users objectclasses no entries are found even though both entries exists for craigp or any user we test against.
When I look in the logs for the search the search returns nentries=0
if I do a search just listing either objectclass=person or email=craigp* all entries that have the search string are returned
I have indexed objectclass and this hasn't resolved the issue.
is there a way to resolve this?
Looking at the user craigp what ldapsearch returns and what DSCC displays in the way of objectclass listing are 2 different list orders.
it appears to resolve this would require exporting the users entries changing the order of objectclasses and reimporting them.
Obviously I don't want to have to export all users and make the change to be able to resolve this issue.
We have legacy software that to authenticate users requires the above search parameters and it wouldn't be easy to make the changes to the software.
Edited by: 943914 on 14/11/2012 18:58
Edited by: 943914 on 14/11/2012 19:22
Thank you for your information but this isn't about ordering.
It is about ldap appearing to ignore any objectclass that greater than 5 in a list of objectclasses.
I don't expect to see objectclass X as the first one returned I just expect it to be returned in any order when a search is performed for
As long as both objectclass X and attribute Y exist I should get a return regardless of order.
But when I dump a user to LDIF I find that objectclass X is the 6-x of all of the users objectclasses the search failes.
Can you reproduce this using ldapsearch? It would be useful to see the command line you use to produce this behavior along with access log snippets from the server that correspond with the failed search.