[RndTbl] Odd LDAP issue

Robert Keizer robert at keizer.ca
Tue Jul 17 13:52:05 CDT 2012

Maybe someone can point out that I'm being a complete idiot.

I've got a custom LDAP schema ( see below ) that defines 2 attributes, 
namely "clientAccountEnabled" and "clientDownloadsAvailable". Their 
syntax is defined by the LDAP schema for Boolean and Int values. I'm also 
making use of a "dead-space" OID of 1.1.x until the enterprise 
allocation goes through. The objectClass of "clientAccount" enforces 
that both fields must exist in any object of this type.

I've got a few objects which have the objectType of clientAccount ( 
example below ).

The problem I'm running into is that any filtering I do with these 
fields doesn't work. Only testing that the fields exist seems to work.

1. '(&(uid=robert)(objectClass=clientAccount))' - works
2. '(&(uid=robert)(objectClass=clientAccount)(clientAccountEnabled=*))' 
- works  ( tests if the field exists )
- Fails
- Fails

Obviously 3 and 4 should be mutually exclusive, but nothing shows up. 
I've checked that the field types ( and ) are valid, as setting them to another 
type fails with syntax errors.

Any thoughts or suggestions would be much appreciated.. I've been 
banging my head against the wall for a couple hours now.



dn: cn={4}client,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}client
olcAttributeTypes: {0}( NAME 'clientAccountEnabled' SYNTAX
  .1466. SINGLE-VALUE )
olcAttributeTypes: {1}( NAME 'clientDownloadsAvailable' SYNTAX
  .4.1.1466. SINGLE-VALUE )
olcObjectClasses: {0}( NAME 'clientAccount' DESC 'A Client Account' SUP
  top AUXILIARY MUST ( uid $ clientAccountEnabled $
  clientDownloadsAvailable )

LDAP Object with objectClass=clientAccount:

# robert, people, younessleeptechnologies.com
dn: uid=robert,ou=people,dc=younessleeptechnologies,dc=com
uid: robert
uidNumber: 20000
gidNumber: 20000
cn: robert
sn: robert
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: clientAccount
loginShell: /bin/sh
homeDirectory: /home/robert
clientDownloadsAvailable: 10
clientAccountEnabled: TRUE
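
Added example, not part of the original post: a check that flags attribute types declared without an EQUALITY matching rule, as both definitions above are. Under RFC 4511 an equality filter on such an attribute evaluates to Undefined and matches no entry, while a presence test (`=*`) still works. The definitions below are constructed: the `1.1.99.x` OIDs and the `exampleFlag`/`exampleChild` attributes are placeholders, and the SYNTAX OIDs are the standard Boolean and Integer syntaxes.

```python
import re

SYN = "1.3.6.1.4.1.1466.115.121.1."  # standard LDAP syntax arc (.7 Boolean, .27 Integer)

# Constructed sample shaped like the olcAttributeTypes values in the post.
SAMPLE_DEFS = [
    f"{{0}}( 1.1.99.1 NAME 'clientAccountEnabled' SYNTAX {SYN}7 SINGLE-VALUE )",
    f"{{1}}( 1.1.99.2 NAME 'clientDownloadsAvailable' SYNTAX {SYN}27 SINGLE-VALUE )",
    f"{{2}}( 1.1.99.3 NAME 'exampleFlag' EQUALITY booleanMatch SYNTAX {SYN}7 )",
    "{3}( 1.1.99.4 NAME 'exampleChild' SUP name )",
]

# Standard equality matching rules for the two syntaxes used in the post.
SUGGESTED_RULE = {SYN + "7": "booleanMatch", SYN + "27": "integerMatch"}


def parse_attribute_type(definition):
    """Pull NAME, EQUALITY, SYNTAX and SUP out of one attribute type definition."""
    body = re.sub(r"^\{\d+\}", "", definition.strip())  # drop the {n} ordering prefix
    body = re.sub(r"\bDESC\s+'[^']*'", "", body)         # DESC text may contain keywords
    name = re.search(r"\bNAME\s+\(?\s*'([^']+)'", body)

    def field(keyword):
        m = re.search(r"\b%s\s+([^\s()]+)" % keyword, body)
        return m.group(1).split("{")[0] if m else None   # strip a {len} suffix

    return {"name": name.group(1) if name else None, "equality": field("EQUALITY"),
            "syntax": field("SYNTAX"), "sup": field("SUP")}


def attributes_without_equality(definitions):
    """Return (name, suggested rule) for attributes an equality filter cannot match.

    Attributes with SUP are skipped because they inherit the supertype's rules.
    """
    findings = []
    for definition in definitions:
        at = parse_attribute_type(definition)
        if at["equality"] or at["sup"]:
            continue
        findings.append((at["name"], SUGGESTED_RULE.get(at["syntax"])))
    return findings


if __name__ == "__main__":
    for name, rule in attributes_without_equality(SAMPLE_DEFS):
        print(f"{name}: no EQUALITY rule; equality filters match nothing (suggest {rule})")
```
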
