directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject Re: How to retrieve ACI entries from the directory
Date Mon, 06 Oct 2008 17:14:06 GMT
Stefan Seelmann wrote:
>> However, when I search for "objectclass=accessControlSubentry", nothing
>> is returned (with or without the "+" attribute). Even searching for the
>> explicit dn of a known ACI doesn't return anything.
>> Do you think this is a "user error", or a problem with the openldap
>> ldapsearch, or apacheds? I am using the 1.5.4 release.
> You need to send the "subentries" control in order to retrieve ACI
> entries. For the OpenLDAP CLI client please add  the "-E subentries" option.
> Example:
> ldapsearch -H ldap://localhost:10389 -x -D "uid=admin,ou=system" -W -b
> "dc=example,dc=com" -s sub -E subentries
> "(objectclass=accessControlSubentry)" "*" "+"

Thanks very much for the quick response, Stefan. That did the trick! I 
have just re-checked the man page for ldapsearch and would never have 
thought to try "-E subentries" based on the text.

I am grateful for your help. Thanks very much.


View raw message