Domino LDAP with multiple directories

I am writing a servlet-based web application that will authenticate users against Domino LDAP. I’m using an ldapsearch utility to perform searches against the server, but for some reason I’m not getting back all of the results I would expect. We have multiple directories set up, one of which is specifically for registering web users for our customers. If I perform something like “ldapsearch -h ldap.host.com cn=Brian*” I would expect to get back any entry whose common name starts with Brian. I do get several of them, but the ones from our web user address book do not get returned. I’ve got that address book set up in the directory assistance database on the server, so not sure what to do next.

Your help is appreciated.

Thanks.

Subject: Next steps

If you’re familiar with troubleshooting LDAP, you could use the notes.ini parameter LDAPDebug=7 to determine whether LDAP is locating all of the expected results. If it isn’t, DEBUG_NAMELOOKUP=1 and WEBAUTH_VERBOSE_TRACE=1 may help you identify what’s causing LDAP to not return the expected results. You may want to engage IBM LTS for assistance with troubleshooting this.

Subject: ACL to blame?

I set the ldapdebug=7 and I can see the output in the console of what’s happening when I’m performing a search. Didn’t really point to a problem. I was doing anonymous searches and thought I would see more if I bound as myself on the search; this method resulted in a slightly more verbose output. However, I still couldn’t see the result I was looking for. I’m pretty new to LDAP, btw.

Got me thinking, are the results returned affected by how I am set up in the database ACL? I have manager access to pretty well all our directories, except the one in question. That particular directory, I only have designer access (it was never changed). If I bind as myself and do a search for cn=Shane*, I get results from other directories, but not from the one I only have Designer access to. If I bind as the Shane I am looking for (using his password) and search for cn=Shane*, I get back the result I am looking for in the directory, plus all the ones I was getting when binding as myself. So does it make sense that only having designer access to the database results in me not seeing results from it when searching?
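
The comparison described in the post above (the same search run under two bind identities), as an added example that is not part of the original thread: it parses two saved search outputs and lists the entries only one identity receives, counted per top-level suffix so a missing directory stands out. It assumes the outputs were saved in LDIF form; the sample entries and the names `ldif_dns`, `normalize` and `hidden_from` are constructed for illustration.

```python
import base64
from collections import Counter

def ldif_dns(ldif_text):
    """Return the set of entry DNs found in LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous one
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        if line.lower().startswith("dn::"):   # base64-encoded DN (non-ASCII names)
            dns.add(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.add(line[3:].strip())
    return dns

def normalize(dn):
    # Compare case-insensitively; simplification: assumes no escaped commas in values
    return ",".join(part.strip().lower() for part in dn.split(","))

def hidden_from(first_ldif, second_ldif):
    """DNs the second bind identity receives but the first does not, counted per suffix."""
    first = {normalize(d) for d in ldif_dns(first_ldif)}
    second = {normalize(d) for d in ldif_dns(second_ldif)}
    missing = sorted(second - first)
    return missing, dict(Counter(dn.rsplit(",", 1)[-1] for dn in missing))

# Constructed sample output (not from the thread): anonymous search vs. bound search
ANON = ("dn: CN=Shane Doe,O=Example\ncn: Shane Doe\n\n"
        "dn: CN=Shane Roe,OU=Sales,O=Example\ncn: Shane Roe\n")
B64_DN = base64.b64encode("CN=Shane M\u00fcller,O=ExampleWeb".encode("utf-8")).decode("ascii")
BOUND = ("dn: cn=shane doe, o=example\ncn: Shane Doe\n\n"
         "dn: CN=Shane Roe,OU=Sales,O=Example\ncn: Shane Roe\n\n"
         "dn: CN=Shane Webuser,O=ExampleWeb\ncn: Shane Webuser\n\n"
         "dn: CN=Shane Longname,OU=Customers,\n O=ExampleWeb\ncn: Shane Longname\n\n"
         "dn:: " + B64_DN + "\n")

if __name__ == "__main__":
    missing, per_suffix = hidden_from(ANON, BOUND)
    print("entries per suffix seen only when bound:", per_suffix)
    for dn in missing:
        print("  ", dn)
```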

Subject: Not the ACL

Well, it doesn’t seem to be related to the ACL since I still don’t get the expected result after having my access changed to Manager.