directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: How to retrieve ACI entries from the directory
Date Mon, 06 Oct 2008 14:25:17 GMT
Hi Brian,

Brian Burch wrote:
> However, when I search for "objectclass=accessControlSubentry", nothing
> is returned (with or without the "+" attribute). Even searching for the
> explicit dn of a known ACI doesn't return anything.
> Do you think this is a "user error", or a problem with the openldap
> ldapsearch, or apacheds? I am using the 1.5.4 release.

You need to send the "subentries" control in order to retrieve ACI
entries. For the OpenLDAP CLI client please add  the "-E subentries" option.

ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -W -b
"dc=example,dc=com" -s sub -E subentries
"(objectclass=accessControlSubentry)" "*" "+"

Kind Regards,

View raw message