DirectoryTree / LdapRecord

A fully-featured LDAP framework.
https://ldaprecord.com
MIT License

[Support] Model seems broken with ApacheDS #235

Closed wfjsw closed 3 years ago

wfjsw commented 3 years ago

Server: ApacheDS 2.0.0 Client: LdapRecord 2.0.3 with LdapRecord-Laravel 2.0.1

>>> use LdapRecord\Container;
>>> $conn = Container::getDefaultConnection()
=> LdapRecord\Connection {#235}
>>> $conn->query()->find('cn=accounts,ou=servers,dc=winterco,dc=org')
=> [
     "cn" => [
       "count" => 1,
       0 => "accounts",
     ],
     0 => "cn",
     "objectclass" => [
       "count" => 3,
       0 => "top",
       1 => "device",
       2 => "simpleSecurityObject",
     ],
     1 => "objectclass",
     "userpassword" => [
       "count" => 1,
       0 => "{SSHA}ZuDV/1oKDlUdyz7lgU+loQnTP24fB5941Osq2w==",
     ],
     2 => "userpassword",
     "count" => 3,
     "dn" => "cn=accounts,ou=servers,dc=winterco,dc=org",
   ]
>>> LdapRecord\Models\Entry::find('cn=accounts,ou=servers,dc=winterco,dc=org')
=> LdapRecord\Models\Entry {#3525
     +exists: true,
   }
>>> App\Ldap\Server::find('cn=accounts,ou=servers,dc=winterco,dc=org')
=> App\Ldap\Server {#3514
     +exists: true,
   }

App\Ldap\Entry:

<?php

namespace App\Ldap;

use LdapRecord\Connection;
use LdapRecord\Models\Entry as BaseEntry;
use LdapRecord\Query\Model\Builder;
use LdapRecord\Query\Model\OpenLdapBuilder;

class Entry extends BaseEntry {
    /**
     * The attribute key that contains the models object GUID.
     *
     * @var string
     */
    protected $guidKey = 'entryUUID';

    /**
     * Create a new query builder.
     *
     * @param Connection $connection
     *
     * @return Builder
     */
    public function newQueryBuilder(Connection $connection) {
        return new Builder($connection);
    }

}

App\Ldap\Server:

<?php

namespace App\Ldap;

use Illuminate\Contracts\Auth\Authenticatable;
use LdapRecord\Models\Concerns\CanAuthenticate;
use LdapRecord\Query\Builder;

class Server extends Entry implements Authenticatable
{
    use CanAuthenticate;

    /**
     * The object classes of the LDAP model.
     *
     * @var array
     */
    public static $objectClasses = [
        "top",
        // "device"
    ];

    // /**
    //  * The "booting" method of the model.
    //  *
    //  * @return void
    //  */
    // protected static function boot() {
    //     parent::boot();

    //     static::addGlobalScope('servers', function (Builder $builder) {
    //         $builder->where('ou', 'servers');
    //     });
    // }
}

Note the commented-out fields above. The moment I uncomment any of them, any query builder method on that model only returns null. I have also failed to make a query with where on the model, but such a query was successfully executed when operating directly on the connection. Also, I now have no idea what BASE_DN is used for, since I still have to include that base DN part in my find query.

wfjsw commented 3 years ago

This demonstrates the where issue:

>>> LdapRecord\Models\Entry::where('cn', 'accounts')->first()
=> LdapRecord\Models\Entry {#3536
     +exists: true,
   }
>>> App\Ldap\Server::where('cn', 'accounts')->first()
=> null

stevebauman commented 3 years ago

Hi @wfjsw! Thanks so much for the sponsorship ❤️. Let's get you up and running.

If raw queries are working, then we will almost certainly be able to configure a model to retrieve the proper objects.

Can you try giving this a shot?

<?php

namespace App\Ldap;

use LdapRecord\Models\Entry;
use LdapRecord\Query\Builder;
use Illuminate\Contracts\Auth\Authenticatable;
use LdapRecord\Models\Concerns\CanAuthenticate;

class Server extends Entry implements Authenticatable
{
    use CanAuthenticate;

    /**
     * The object classes of the LDAP model.
     *
     * @var array
     */
    public static $objectClasses = [
        "top",
        "device",
        "simpleSecurityObject",
    ];

    /**
     * The "booting" method of the model.
     *
     * @return void
     */
    protected static function boot() {
        parent::boot();

        static::addGlobalScope('servers', function (Builder $builder) {
            $builder->in('ou=servers,dc=winterco,dc=org');
        });
    }
}

dd(\App\Ldap\Server::where('cn', '=', 'accounts')->first());

Let me know your results and we can continue debugging from there 👍

wfjsw commented 3 years ago

Psy Shell v0.10.5 (PHP 8.0.1 — cli) by Justin Hileman
>>> \App\Ldap\Server::where('cn', '=', 'accounts')->first()
=> null
>>>

I think I've tried this before...

stevebauman commented 3 years ago

Hmm this may be a permissions issue. Does the account you're binding with have permissions to enumerate objects inside of the servers OU? To test this, I would attempt the same above query operation using a global administrator account on your directory. That will cross that off the list as being the potential issue.

Can you also post your LDAP configuration and omit any sensitive information?

wfjsw commented 3 years ago

LDAP Config:

dn: ou=config
entryCSN: 20210119014601.504000Z#000000#000#000000
entryUUID: 14bcc109-e28d-4c8f-93eb-c727e9d6c4fd
ou: config
objectClass: top
objectClass: organizationalUnit
entryParentId: 00000000-0000-0000-0000-000000000000

dn: ads-directoryServiceId=default,ou=config
ads-directoryServiceId: default
ads-dsSyncPeriodMillis: 15000
entryCSN: 20210119014601.520000Z#000000#000#000000
ads-dsAllowAnonymousAccess: FALSE
ads-dsReplicaId: 1
ads-dsAccessControlEnabled: FALSE
ads-dsPasswordHidden: FALSE
ads-dsDenormalizeOpAttrsEnabled: FALSE
ads-enabled: TRUE
entryUUID: c20ace64-edae-4c45-a8e7-69e56d6933eb
objectClass: top
objectClass: ads-directoryService
objectClass: ads-base
entryParentId: 14bcc109-e28d-4c8f-93eb-c727e9d6c4fd

dn: ads-changeLogId=defaultChangeLog,ads-directoryServiceId=default,ou=config
ads-changeLogExposed: FALSE
entryCSN: 20210119014601.524000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-changeLog
ads-enabled: FALSE
entryUUID: 1e92267a-df10-460c-bac2-3c247f6edb78
ads-changeLogId: defaultChangeLog
entryParentId: c20ace64-edae-4c45-a8e7-69e56d6933eb

dn: ads-journalId=defaultJournal,ads-directoryServiceId=default,ou=config
ads-journalId: defaultJournal
ads-journalFileName: Journal.txt
entryCSN: 20210119014601.530000Z#000000#000#000000
objectClass: top
objectClass: ads-journal
objectClass: ads-base
ads-enabled: FALSE
entryUUID: 3bb74a1d-325e-4ae7-9ec1-dfdc3b1df9df
ads-journalWorkingDir: /
ads-journalRotation: 2
entryParentId: c20ace64-edae-4c45-a8e7-69e56d6933eb

dn: ou=interceptors,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014602.010000Z#000000#000#000000
entryUUID: cbc93cc6-78dc-46b1-ab73-539b19c4ea87
ou: interceptors
objectClass: top
objectClass: organizationalUnit
entryParentId: c20ace64-edae-4c45-a8e7-69e56d6933eb

dn: ads-interceptorId=aciAuthorizationInterceptor,ou=interceptors,ads-directoryS
 erviceId=default,ou=config
entryCSN: 20210119014602.164000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: ca211cfd-86b6-4b6d-b731-7632e46c6a24
ads-interceptorClassName: org.apache.directory.server.core.authz.AciAuthorizatio
 nInterceptor
ads-interceptorOrder: 4
ads-interceptorId: aciAuthorizationInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=administrativePointInterceptor,ou=interceptors,ads-directo
 ryServiceId=default,ou=config
entryCSN: 20210119014602.417000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 6399cc11-43f1-48b5-801d-7a5ad1dc0bfb
ads-interceptorClassName: org.apache.directory.server.core.admin.AdministrativeP
 ointInterceptor
ads-interceptorOrder: 6
ads-interceptorId: administrativePointInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directorySer
 viceId=default,ou=config
entryCSN: 20210119014602.230000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
objectClass: ads-authenticationInterceptor
ads-enabled: TRUE
entryUUID: 87d9eaed-f5fa-4d68-9674-e41a0dae528c
ads-interceptorClassName: org.apache.directory.server.core.authn.AuthenticationI
 nterceptor
ads-interceptorOrder: 2
ads-interceptorId: authenticationInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptor
 s,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014602.247000Z#000000#000#000000
entryUUID: c2c06abf-89ea-41bb-870f-073f0a367321
ou: authenticators
objectClass: top
objectClass: organizationalUnit
entryParentId: 87d9eaed-f5fa-4d68-9674-e41a0dae528c

dn: ads-authenticatorId=anonymousauthenticator,ou=authenticators,ads-interceptor
 Id=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=
 config
entryCSN: 20210119014602.347000Z#000000#000#000000
objectClass: top
objectClass: ads-authenticator
objectClass: ads-base
objectClass: ads-authenticatorImpl
ads-authenticatorId: anonymousauthenticator
ads-baseDn: 
ads-authenticatorClass: org.apache.directory.server.core.authn.AnonymousAuthenti
 cator
ads-enabled: TRUE
entryUUID: a4fc55cf-84bf-4ff1-bb69-d82104a52e18
entryParentId: c2c06abf-89ea-41bb-870f-073f0a367321

dn: ads-authenticatorId=delegatingauthenticator,ou=authenticators,ads-intercepto
 rId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou
 =config
entryCSN: 20210119014602.327000Z#000000#000#000000
objectClass: top
objectClass: ads-authenticator
objectClass: ads-base
objectClass: ads-authenticatorImpl
ads-authenticatorId: delegatingauthenticator
ads-baseDn: 
ads-authenticatorClass: org.apache.directory.server.core.authn.DelegatingAuthent
 icator
ads-enabled: FALSE
entryUUID: 646f876b-6044-4251-98d3-0268128377b9
entryParentId: c2c06abf-89ea-41bb-870f-073f0a367321

dn: ads-authenticatorId=simpleauthenticator,ou=authenticators,ads-interceptorId=
 authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=con
 fig
entryCSN: 20210119014602.282000Z#000000#000#000000
objectClass: top
objectClass: ads-authenticator
objectClass: ads-base
objectClass: ads-authenticatorImpl
ads-authenticatorId: simpleauthenticator
ads-baseDn: 
ads-authenticatorClass: org.apache.directory.server.core.authn.SimpleAuthenticat
 or
ads-enabled: TRUE
entryUUID: 8de4101c-98fe-44b0-b5c3-1426d39daca9
entryParentId: c2c06abf-89ea-41bb-870f-073f0a367321

dn: ads-authenticatorId=strongauthenticator,ou=authenticators,ads-interceptorId=
 authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=con
 fig
entryCSN: 20210119014602.307000Z#000000#000#000000
objectClass: top
objectClass: ads-authenticator
objectClass: ads-base
objectClass: ads-authenticatorImpl
ads-authenticatorId: strongauthenticator
ads-baseDn: 
ads-authenticatorClass: org.apache.directory.server.core.authn.StrongAuthenticat
 or
ads-enabled: TRUE
entryUUID: b8f83bea-f3e1-47e2-b9f4-3d8d65513072
entryParentId: c2c06abf-89ea-41bb-870f-073f0a367321

dn: ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=intercept
 ors,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014602.371000Z#000000#000#000000
entryUUID: d8651477-b05c-4ebe-815f-278f9e665a32
ou: passwordPolicies
objectClass: top
objectClass: organizationalUnit
entryParentId: 87d9eaed-f5fa-4d68-9674-e41a0dae528c

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterc
 eptor,ou=interceptors,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014602.394000Z#000000#000#000000
ads-pwdLockoutDuration: 0
ads-pwdAttribute: userPassword
ads-pwdId: default
ads-pwdLockout: TRUE
ads-pwdFailureCountInterval: 30
ads-pwdMaxFailure: 5
ads-pwdCheckQuality: 1
ads-enabled: TRUE
entryUUID: b95a7b38-145b-442d-90ae-abb70481e746
ads-pwdInHistory: 5
ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPass
 wordValidator
ads-pwdMinLength: 5
ads-pwdGraceAuthNLimit: 5
ads-pwdExpireWarning: 600
objectClass: ads-passwordPolicy
objectClass: top
objectClass: ads-base
entryParentId: d8651477-b05c-4ebe-815f-278f9e665a32

dn: ads-interceptorId=collectiveAttributeInterceptor,ou=interceptors,ads-directo
 ryServiceId=default,ou=config
entryCSN: 20210119014602.214000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: b9ce0017-c465-4ea0-a81b-29a59eec0796
ads-interceptorClassName: org.apache.directory.server.core.collective.Collective
 AttributeInterceptor
ads-interceptorOrder: 12
ads-interceptorId: collectiveAttributeInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=defaultAuthorizationInterceptor,ou=interceptors,ads-direct
 oryServiceId=default,ou=config
entryCSN: 20210119014602.460000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 29268239-e304-494c-88f6-ddcc3f77a85a
ads-interceptorClassName: org.apache.directory.server.core.authz.DefaultAuthoriz
 ationInterceptor
ads-interceptorOrder: 5
ads-interceptorId: defaultAuthorizationInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=eventInterceptor,ou=interceptors,ads-directoryServiceId=de
 fault,ou=config
entryCSN: 20210119014602.124000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 74b78cb9-a999-452a-8fea-464c5df30f4b
ads-interceptorClassName: org.apache.directory.server.core.event.EventIntercepto
 r
ads-interceptorOrder: 14
ads-interceptorId: eventInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=exceptionInterceptor,ou=interceptors,ads-directoryServiceI
 d=default,ou=config
entryCSN: 20210119014602.147000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: c59de5cc-3680-482a-883c-d3b65531692f
ads-interceptorClassName: org.apache.directory.server.core.exception.ExceptionIn
 terceptor
ads-interceptorOrder: 7
ads-interceptorId: exceptionInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=journalInterceptor,ou=interceptors,ads-directoryServiceId=
 default,ou=config
entryCSN: 20210119014602.097000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 34f29379-b32a-4bd6-97b3-d87642069b2d
ads-interceptorClassName: org.apache.directory.server.core.journal.JournalInterc
 eptor
ads-interceptorOrder: 16
ads-interceptorId: journalInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-directoryServ
 iceId=default,ou=config
entryCSN: 20210119014602.439000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: FALSE
entryUUID: 736187c5-a0c3-4d9a-b296-cf6eb3f5b02c
ads-interceptorClassName: org.apache.directory.server.core.kerberos.KeyDerivatio
 nInterceptor
ads-interceptorOrder: 8
ads-interceptorId: keyDerivationInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=normalizationInterceptor,ou=interceptors,ads-directoryServ
 iceId=default,ou=config
entryCSN: 20210119014602.045000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 11abb69c-a312-47ec-9a2e-101a372053dd
ads-interceptorClassName: org.apache.directory.server.core.normalization.Normali
 zationInterceptor
ads-interceptorOrder: 1
ads-interceptorId: normalizationInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=numberInterceptor,ou=interceptors,ads-directoryServiceId=d
 efault,ou=config
entryCSN: 20210119014602.482000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: FALSE
entryUUID: b293d8a3-3bac-4ac4-999c-4a3234656f31
ads-interceptorClassName: org.apache.directory.server.core.number.NumberIncremen
 tingInterceptor
ads-interceptorOrder: 17
ads-interceptorId: numberInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=operationalAttributeInterceptor,ou=interceptors,ads-direct
 oryServiceId=default,ou=config
entryCSN: 20210119014602.179000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 4efb0a15-54b8-458c-b9ab-46a795f63d29
ads-interceptorClassName: org.apache.directory.server.core.operational.Operation
 alAttributeInterceptor
ads-interceptorOrder: 11
ads-interceptorId: operationalAttributeInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directorySe
 rviceId=default,ou=config
entryCSN: 20210119014602.506000Z#000000#000#000000
objectClass: ads-hashInterceptor
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-hashAlgorithm: SSHA
ads-hashAttribute: 2.5.4.35
ads-enabled: TRUE
entryUUID: fab6eb96-0a81-44d4-b9c2-13b1e9896d1a
ads-interceptorClassName: org.apache.directory.server.core.hash.ConfigurableHash
 ingInterceptor
ads-interceptorOrder: 9
ads-interceptorId: passwordHashingInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=referralInterceptor,ou=interceptors,ads-directoryServiceId
 =default,ou=config
entryCSN: 20210119014602.197000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: ab4e8488-7408-4d1e-b1ef-eb3b9a722541
ads-interceptorClassName: org.apache.directory.server.core.referral.ReferralInte
 rceptor
ads-interceptorOrder: 3
ads-interceptorId: referralInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=schemaInterceptor,ou=interceptors,ads-directoryServiceId=d
 efault,ou=config
entryCSN: 20210119014602.062000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 54c5ca55-d8c3-468b-9fc6-a6beef7afc10
ads-interceptorClassName: org.apache.directory.server.core.schema.SchemaIntercep
 tor
ads-interceptorOrder: 10
ads-interceptorId: schemaInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=subentryInterceptor,ou=interceptors,ads-directoryServiceId
 =default,ou=config
entryCSN: 20210119014602.080000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 0eb01512-85d5-4a4b-9405-3bcc91e20ca3
ads-interceptorClassName: org.apache.directory.server.core.subtree.SubentryInter
 ceptor
ads-interceptorOrder: 13
ads-interceptorId: subentryInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ads-interceptorId=triggerInterceptor,ou=interceptors,ads-directoryServiceId=
 default,ou=config
entryCSN: 20210119014602.027000Z#000000#000#000000
objectClass: ads-interceptor
objectClass: top
objectClass: ads-base
ads-enabled: TRUE
entryUUID: 7165d51c-3982-42f5-944e-19d50c5f03ea
ads-interceptorClassName: org.apache.directory.server.core.trigger.TriggerInterc
 eptor
ads-interceptorOrder: 15
ads-interceptorId: triggerInterceptor
entryParentId: cbc93cc6-78dc-46b1-ab73-539b19c4ea87

dn: ou=partitions,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014602.533000Z#000000#000#000000
entryUUID: d2c6cf7b-c060-4b93-a70b-fe2e66824e66
ou: partitions
objectClass: top
objectClass: organizationalUnit
entryParentId: c20ace64-edae-4c45-a8e7-69e56d6933eb

dn: ads-partitionId=system,ou=partitions,ads-directoryServiceId=default,ou=confi
 g
entryCSN: 20210119014602.924000Z#000000#000#000000
objectClass: top
objectClass: ads-partition
objectClass: ads-base
objectClass: ads-jdbmPartition
ads-enabled: TRUE
ads-partitionSuffix: ou=system
entryUUID: 891d7933-506f-4d55-bce4-872d2cc91528
ads-partitionId: system
ads-partitionCacheSize: 10000
ads-partitionSyncOnWrite: TRUE
entryParentId: d2c6cf7b-c060-4b93-a70b-fe2e66824e66

dn: ou=indexes,ads-partitionId=system,ou=partitions,ads-directoryServiceId=defau
 lt,ou=config
entryCSN: 20210119014602.951000Z#000000#000#000000
entryUUID: b7f4e0a5-525f-49f2-bc9e-25ca367516fe
ou: indexes
objectClass: top
objectClass: organizationalUnit
entryParentId: 891d7933-506f-4d55-bce4-872d2cc91528

dn: ads-indexAttributeId=uid,ou=indexes,ads-partitionId=system,ou=partitions,ads
 -directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.170000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: uid
ads-enabled: TRUE
entryUUID: 5946f367-1abd-4ebf-a358-474767a8e903
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=apachePresence,ou=indexes,ads-partitionId=system,ou=par
 titions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.139000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apachePresence
ads-enabled: TRUE
entryUUID: 38ec94b2-7714-416b-8e6e-6d9eaecf2f12
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=apacheOneAlias,ou=indexes,ads-partitionId=system,ou=par
 titions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.199000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheOneAlias
ads-enabled: TRUE
entryUUID: 192aa05f-fa7c-4bbd-9b9e-7f3d83e381ec
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=apacheRdn,ou=indexes,ads-partitionId=system,ou=partitio
 ns,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: TRUE
entryCSN: 20210119014603.025000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheRdn
ads-enabled: TRUE
entryUUID: a8e4cf6e-8225-491b-80f5-d88742c2eb86
ads-indexCacheSize: 1000
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=apacheSubAlias,ou=indexes,ads-partitionId=system,ou=par
 titions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.295000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheSubAlias
ads-enabled: TRUE
entryUUID: d574fc9d-39c8-4b95-a13a-797bb17e062f
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=apacheAlias,ou=indexes,ads-partitionId=system,ou=partit
 ions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.982000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheAlias
ads-enabled: TRUE
entryUUID: 66e61eef-2880-4a6f-b893-86072b05413e
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=entryCSN,ou=indexes,ads-partitionId=system,ou=partition
 s,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.231000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: entryCSN
ads-enabled: TRUE
entryUUID: a9903f79-26fa-4ebf-837e-cd9353c4b254
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=administrativeRole,ou=indexes,ads-partitionId=system,ou
 =partitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.263000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: administrativeRole
ads-enabled: TRUE
entryUUID: e3558999-0f93-4b3d-aef1-4425b9648d78
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=objectClass,ou=indexes,ads-partitionId=system,ou=partit
 ions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.078000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: objectClass
ads-enabled: TRUE
entryUUID: b36b3d79-a7a7-46e9-977e-426bfc450dcd
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-indexAttributeId=ou,ou=indexes,ads-partitionId=system,ou=partitions,ads-
 directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014603.108000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: ou
ads-enabled: TRUE
entryUUID: 332b949f-a5c0-43c5-8fec-b28796aca511
entryParentId: b7f4e0a5-525f-49f2-bc9e-25ca367516fe

dn: ads-partitionId=winterco,ou=partitions,ads-directoryServiceId=default,ou=con
 fig
ads-contextEntry:: ZG46IGRjPXdpbnRlcmNvLGRjPW9yZwpvYmplY3RjbGFzczogZG9tYWluCm9ia
 mVjdGNsYXNzOiB0b3AKZGM6IHdpbnRlcmNvCgo=
entryCSN: 20210119014602.556000Z#000000#000#000000
objectClass: top
objectClass: ads-partition
objectClass: ads-base
objectClass: ads-jdbmPartition
ads-enabled: TRUE
ads-partitionSuffix: dc=winterco,dc=org
entryUUID: 66a9d4d8-cd8a-4567-a2ec-42f37c54cbff
ads-partitionId: winterco
ads-partitionCacheSize: 10000
ads-partitionSyncOnWrite: TRUE
entryParentId: d2c6cf7b-c060-4b93-a70b-fe2e66824e66

dn: ou=indexes,ads-partitionId=winterco,ou=partitions,ads-directoryServiceId=def
 ault,ou=config
entryCSN: 20210119014602.587000Z#000000#000#000000
entryUUID: cd8b1145-dace-4ac4-a2ef-405c2e8907e4
ou: indexes
objectClass: top
objectClass: organizationalUnit
entryParentId: 66a9d4d8-cd8a-4567-a2ec-42f37c54cbff

dn: ads-indexAttributeId=uid,ou=indexes,ads-partitionId=winterco,ou=partitions,a
 ds-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.631000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: uid
ads-enabled: TRUE
entryUUID: 8c7b8705-d05a-4726-a5f3-fdbd73e2a2e0
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=dc,ou=indexes,ads-partitionId=winterco,ou=partitions,ad
 s-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.761000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: dc
ads-enabled: TRUE
entryUUID: 2ef3886b-108f-4449-8bd9-976bf40e2880
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=apachePresence,ou=indexes,ads-partitionId=winterco,ou=p
 artitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.732000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apachePresence
ads-enabled: TRUE
entryUUID: d54c6491-2c13-4b3c-a1df-3c51a2197be7
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=apacheOneAlias,ou=indexes,ads-partitionId=winterco,ou=p
 artitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.655000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheOneAlias
ads-enabled: TRUE
entryUUID: 0c5ed610-8af1-48a5-aaa1-ee3e9cd74c90
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=apacheRdn,ou=indexes,ads-partitionId=winterco,ou=partit
 ions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: TRUE
entryCSN: 20210119014602.678000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheRdn
ads-enabled: TRUE
entryUUID: 5a6968c7-5e36-494d-b4e3-8a7266cb3900
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=apacheSubAlias,ou=indexes,ads-partitionId=winterco,ou=p
 artitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.787000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheSubAlias
ads-enabled: TRUE
entryUUID: a4984177-d6a3-4e9a-8478-9087bf46f57f
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=apacheAlias,ou=indexes,ads-partitionId=winterco,ou=part
 itions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.813000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: apacheAlias
ads-enabled: TRUE
entryUUID: bfd7c8d3-1c06-4176-b283-0960f059e73f
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=entryCSN,ou=indexes,ads-partitionId=winterco,ou=partiti
 ons,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.609000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: entryCSN
ads-enabled: TRUE
entryUUID: 447a42f3-419b-42b6-a6a7-2c3e5cd71079
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=administrativeRole,ou=indexes,ads-partitionId=winterco,
 ou=partitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.705000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: administrativeRole
ads-enabled: TRUE
entryUUID: e913f620-b19d-43bf-8960-0f235c1960f8
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=objectClass,ou=indexes,ads-partitionId=winterco,ou=part
 itions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.839000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: objectClass
ads-enabled: TRUE
entryUUID: 793d2cff-83f3-4a64-b14d-43c25f0e364b
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=ou,ou=indexes,ads-partitionId=winterco,ou=partitions,ad
 s-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.866000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: ou
ads-enabled: TRUE
entryUUID: a8b8dcee-b805-4896-b72d-eed816dd6f23
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ads-indexAttributeId=krb5PrincipalName,ou=indexes,ads-partitionId=winterco,o
 u=partitions,ads-directoryServiceId=default,ou=config
ads-indexHasReverse: FALSE
entryCSN: 20210119014602.896000Z#000000#000#000000
objectClass: ads-index
objectClass: top
objectClass: ads-jdbmIndex
objectClass: ads-base
ads-indexAttributeId: krb5PrincipalName
ads-enabled: TRUE
entryUUID: 2d813bae-e396-4080-a8e7-9af982867e99
entryParentId: cd8b1145-dace-4ac4-a2ef-405c2e8907e4

dn: ou=servers,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014601.537000Z#000000#000#000000
entryUUID: 133f4142-e73c-423a-9cde-4b0e13315293
ou: servers
objectClass: top
objectClass: organizationalUnit
entryParentId: c20ace64-edae-4c45-a8e7-69e56d6933eb

dn: ads-serverId=changePasswordServer,ou=servers,ads-directoryServiceId=default,
 ou=config
entryCSN: 20210119014601.943000Z#000000#000#000000
objectClass: ads-server
objectClass: ads-changePasswordServer
objectClass: top
objectClass: ads-base
objectClass: ads-dsBasedServer
ads-serverId: changePasswordServer
ads-enabled: FALSE
entryUUID: e76b23b8-c1d3-405c-8841-333459e822eb
entryParentId: 133f4142-e73c-423a-9cde-4b0e13315293

dn: ou=transports,ads-serverId=changePasswordServer,ou=servers,ads-directoryServ
 iceId=default,ou=config
entryCSN: 20210119014601.960000Z#000000#000#000000
entryUUID: 810f7ff0-5cc6-46e0-869c-724cae4d46eb
ou: transports
objectClass: top
objectClass: organizationalUnit
entryParentId: e76b23b8-c1d3-405c-8841-333459e822eb

dn: ads-transportId=tcp,ou=transports,ads-serverId=changePasswordServer,ou=serve
 rs,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014601.993000Z#000000#000#000000
ads-transportId: tcp
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 60464
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 13920149-7e90-42cd-8eea-e972bc7deffe
ads-transportNbThreads: 2
entryParentId: 810f7ff0-5cc6-46e0-869c-724cae4d46eb

dn: ads-transportId=udp,ou=transports,ads-serverId=changePasswordServer,ou=serve
 rs,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014601.977000Z#000000#000#000000
ads-transportId: udp
objectClass: ads-udpTransport
objectClass: top
objectClass: ads-base
objectClass: ads-transport
ads-systemPort: 60464
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 10b6c5e1-8925-4c72-89e6-38ce6866fdd8
ads-transportNbThreads: 2
entryParentId: 810f7ff0-5cc6-46e0-869c-724cae4d46eb

dn: ads-serverId=httpServer,ou=servers,ads-directoryServiceId=default,ou=config
entryCSN: 20210119014601.546000Z#000000#000#000000
objectClass: ads-server
objectClass: ads-httpServer
objectClass: top
objectClass: ads-base
ads-serverId: httpServer
ads-enabled: FALSE
entryUUID: 43a1aac8-e7b8-4052-8183-5ad7ac712963
entryParentId: 133f4142-e73c-423a-9cde-4b0e13315293

dn: ou=httpWebApps,ads-serverId=httpServer,ou=servers,ads-directoryServiceId=def
 ault,ou=config
entryCSN: 20210119014601.555000Z#000000#000#000000
entryUUID: b84cd07c-ec16-4e97-a467-b0e207f94683
ou: httpWebApps
objectClass: top
objectClass: organizationalUnit
entryParentId: 43a1aac8-e7b8-4052-8183-5ad7ac712963

dn: ads-id=testapp,ou=httpWebApps,ads-serverId=httpServer,ou=servers,ads-directo
 ryServiceId=default,ou=config
entryCSN: 20210119014601.565000Z#000000#000#000000
objectClass: top
objectClass: ads-httpWebApp
objectClass: ads-base
ads-httpAppCtxPath: /foo
ads-httpWarFile: /path/to/foo/war
ads-enabled: FALSE
entryUUID: e154866d-2786-4f0d-b8d2-8a1fecbf55d1
ads-id: testapp
entryParentId: b84cd07c-ec16-4e97-a467-b0e207f94683

dn: ou=transports,ads-serverId=httpServer,ou=servers,ads-directoryServiceId=defa
 ult,ou=config
entryCSN: 20210119014601.577000Z#000000#000#000000
entryUUID: 018e5f16-7874-4315-8a9a-3f6a21582916
ou: transports
objectClass: top
objectClass: organizationalUnit
entryParentId: 43a1aac8-e7b8-4052-8183-5ad7ac712963

dn: ads-transportId=http,ou=transports,ads-serverId=httpServer,ou=servers,ads-di
 rectoryServiceId=default,ou=config
entryCSN: 20210119014601.593000Z#000000#000#000000
ads-transportId: http
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 8080
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 4ab19cb1-87ca-4d20-b31f-cffec6008a28
entryParentId: 018e5f16-7874-4315-8a9a-3f6a21582916

dn: ads-transportId=https,ou=transports,ads-serverId=httpServer,ou=servers,ads-d
 irectoryServiceId=default,ou=config
entryCSN: 20210119014601.631000Z#000000#000#000000
ads-transportId: https
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 8443
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 24e3f6dd-fea0-4821-a6ce-8eefd4372b71
entryParentId: 018e5f16-7874-4315-8a9a-3f6a21582916

dn: ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=con
 fig
entryCSN: 20210119014601.888000Z#000000#000#000000
ads-krbMaximumTicketLifetime: 86400000
ads-krbBodyChecksumVerified: TRUE
ads-krbEncryptionTypes: aes128-cts-hmac-sha1-96
ads-krbEncryptionTypes: des3-cbc-sha1-kd
ads-krbEncryptionTypes: des-cbc-md5
ads-krbAllowableClockSkew: 300000
ads-krbPrimaryRealm: EXAMPLE.COM
ads-krbForwardableAllowed: TRUE
ads-krbEmptyAddressesAllowed: TRUE
ads-searchBaseDN: ou=users,dc=example,dc=com
ads-krbPostdatedAllowed: TRUE
ads-krbPAEncTimestampRequired: TRUE
ads-krbRenewableAllowed: TRUE
ads-krbProxiableAllowed: TRUE
ads-krbMaximumRenewableLifetime: 604800000
ads-enabled: FALSE
entryUUID: 49e631fe-1bcd-40bc-bb88-bbbd1f1514fb
objectClass: ads-server
objectClass: top
objectClass: ads-base
objectClass: ads-kdcServer
objectClass: ads-dsBasedServer
ads-serverId: kerberosServer
entryParentId: 133f4142-e73c-423a-9cde-4b0e13315293

dn: ou=transports,ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=
 default,ou=config
entryCSN: 20210119014601.902000Z#000000#000#000000
entryUUID: 094f5eb8-0756-453e-860b-0e1648eec90b
ou: transports
objectClass: top
objectClass: organizationalUnit
entryParentId: 49e631fe-1bcd-40bc-bb88-bbbd1f1514fb

dn: ads-transportId=tcp,ou=transports,ads-serverId=kerberosServer,ou=servers,ads
 -directoryServiceId=default,ou=config
entryCSN: 20210119014601.917000Z#000000#000#000000
ads-transportId: tcp
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 60088
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 1ed26945-52ca-4efd-9ac8-fd1323a975c4
ads-transportNbThreads: 4
entryParentId: 094f5eb8-0756-453e-860b-0e1648eec90b

dn: ads-transportId=udp,ou=transports,ads-serverId=kerberosServer,ou=servers,ads
 -directoryServiceId=default,ou=config
entryCSN: 20210119014601.930000Z#000000#000#000000
ads-transportId: udp
objectClass: ads-udpTransport
objectClass: top
objectClass: ads-base
objectClass: ads-transport
ads-systemPort: 60088
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: bb79220f-8a09-4263-af68-a6d6eee8a5b7
ads-transportNbThreads: 4
entryParentId: 094f5eb8-0756-453e-860b-0e1648eec90b

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-maxPDUSize: 2000000
entryCSN: 20210119014601.639000Z#000000#000#000000
ads-confidentialityRequired: FALSE
ads-maxSizeLimit: 1000
ads-saslHost: ldap.winterco.org
ads-maxTimeLimit: 15000
ads-searchBaseDN: ou=users,dc=winterco,dc=org
ads-saslRealms: apache.org
ads-saslRealms: winterco.org
ads-saslPrincipal: ldap/ldap.winterco.org@WINTERCO.ORG
ads-replPingerSleep: 5
ads-replEnabled: TRUE
ads-enabled: TRUE
entryUUID: 7ac90a97-da69-4a17-a73e-6a16d8656ef9
objectClass: ads-server
objectClass: top
objectClass: ads-ldapServer
objectClass: ads-base
objectClass: ads-dsBasedServer
ads-serverId: ldapServer
entryParentId: 133f4142-e73c-423a-9cde-4b0e13315293

dn: ou=extendedOpHandlers,ads-serverId=ldapServer,ou=servers,ads-directoryServic
 eId=default,ou=config
entryCSN: 20210119014601.732000Z#000000#000#000000
entryUUID: 2eef026d-e4df-4420-a878-dd3a4f4c5d85
ou: extendedOpHandlers
objectClass: top
objectClass: organizationalUnit
entryParentId: 7ac90a97-da69-4a17-a73e-6a16d8656ef9

dn: ads-extendedOpId=endTransactionHandler,ou=extendedOpHandlers,ads-serverId=ld
 apServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: endTransactionHandler
entryCSN: 20210119014601.795000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.E
 ndTransactionHandler
ads-enabled: TRUE
entryUUID: 62c47782-e780-4bfb-8c10-d94a5ec1b13e
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=gracefulShutdownHandler,ou=extendedOpHandlers,ads-serverId=
 ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: gracefulShutdownHandler
entryCSN: 20210119014601.755000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.G
 racefulShutdownHandler
ads-enabled: TRUE
entryUUID: 71982a70-4766-4f5a-a317-c2d1f2b07787
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=pwdModifyHandler,ou=extendedOpHandlers,ads-serverId=ldapSer
 ver,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: pwdModifyHandler
entryCSN: 20210119014601.780000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.P
 wdModifyHandler
ads-enabled: TRUE
entryUUID: 8fe389c9-c1dd-4b30-a7b3-b0ba18eebde4
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=startTransactionHandler,ou=extendedOpHandlers,ads-serverId=
 ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: startTransactionHandler
entryCSN: 20210119014601.825000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.S
 tartTransactionHandler
ads-enabled: TRUE
entryUUID: a63468d6-205c-4b78-ae2f-7969e3f122c9
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=starttlshandler,ou=extendedOpHandlers,ads-serverId=ldapServ
 er,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: starttlshandler
entryCSN: 20210119014601.809000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.S
 tartTlsHandler
ads-enabled: TRUE
entryUUID: d081b9d1-67ad-488a-a35b-82b4a9ee8486
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=storedprochandler,ou=extendedOpHandlers,ads-serverId=ldapSe
 rver,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: storedprochandler
entryCSN: 20210119014601.744000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.S
 toredProcedureExtendedOperationHandler
ads-enabled: FALSE
entryUUID: a6ab5593-55fe-4ce2-ab9a-dfc59b149c91
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ads-extendedOpId=whoAmIHandler,ou=extendedOpHandlers,ads-serverId=ldapServer
 ,ou=servers,ads-directoryServiceId=default,ou=config
ads-extendedOpId: whoAmIHandler
entryCSN: 20210119014601.767000Z#000000#000#000000
objectClass: top
objectClass: ads-base
objectClass: ads-extendedOpHandler
ads-extendedOpHandlerClass: org.apache.directory.server.ldap.handlers.extended.W
 hoAmIHandler
ads-enabled: TRUE
entryUUID: a24fe678-3602-4ce1-9ed3-7d4ed8884cf3
entryParentId: 2eef026d-e4df-4420-a878-dd3a4f4c5d85

dn: ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=d
 efault,ou=config
entryCSN: 20210119014601.647000Z#000000#000#000000
entryUUID: d0038fd1-764f-4618-bfac-1d048c2fb911
ou: replConsumers
objectClass: top
objectClass: organizationalUnit
entryParentId: 7ac90a97-da69-4a17-a73e-6a16d8656ef9

dn: ou=saslMechHandlers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceI
 d=default,ou=config
entryCSN: 20210119014601.657000Z#000000#000#000000
entryUUID: 12a06527-3d01-4311-b6f0-50953de45fa0
ou: saslMechHandlers
objectClass: top
objectClass: organizationalUnit
entryParentId: 7ac90a97-da69-4a17-a73e-6a16d8656ef9

dn: ads-saslMechName=CRAM-MD5,ou=saslMechHandlers,ads-serverId=ldapServer,ou=ser
 vers,ads-directoryServiceId=default,ou=config
ads-saslMechName: CRAM-MD5
entryCSN: 20210119014601.697000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.cramMD5.Cr
 amMd5MechanismHandler
ads-enabled: TRUE
entryUUID: ec2de8c5-192d-4698-be69-636b752b5542
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ads-saslMechName=DIGEST-MD5,ou=saslMechHandlers,ads-serverId=ldapServer,ou=s
 ervers,ads-directoryServiceId=default,ou=config
ads-saslMechName: DIGEST-MD5
entryCSN: 20210119014601.721000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.digestMD5.
 DigestMd5MechanismHandler
ads-enabled: TRUE
entryUUID: 7d930f2a-4693-4944-959e-233006159ef6
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ads-saslMechName=GSS-SPNEGO,ou=saslMechHandlers,ads-serverId=ldapServer,ou=s
 ervers,ads-directoryServiceId=default,ou=config
ads-ntlmMechProvider: com.foo.Bar
ads-saslMechName: GSS-SPNEGO
entryCSN: 20210119014601.676000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmM
 echanismHandler
ads-enabled: FALSE
entryUUID: 0faf585a-ba73-4253-b96e-920a541f4d5d
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ads-saslMechName=GSSAPI,ou=saslMechHandlers,ads-serverId=ldapServer,ou=serve
 rs,ads-directoryServiceId=default,ou=config
ads-saslMechName: GSSAPI
entryCSN: 20210119014601.709000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.gssapi.Gss
 apiMechanismHandler
ads-enabled: FALSE
entryUUID: 30057921-2e28-4f7a-a252-b2eea32368ef
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ads-saslMechName=NTLM,ou=saslMechHandlers,ads-serverId=ldapServer,ou=servers
 ,ads-directoryServiceId=default,ou=config
ads-ntlmMechProvider: com.foo.Bar
ads-saslMechName: NTLM
entryCSN: 20210119014601.687000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmM
 echanismHandler
ads-enabled: FALSE
entryUUID: 3495a15a-3bc2-472e-ba09-003b774a440c
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ads-saslMechName=SIMPLE,ou=saslMechHandlers,ads-serverId=ldapServer,ou=serve
 rs,ads-directoryServiceId=default,ou=config
ads-saslMechName: SIMPLE
entryCSN: 20210119014601.665000Z#000000#000#000000
objectClass: top
objectClass: ads-saslMechHandler
objectClass: ads-base
ads-saslMechClassName: org.apache.directory.server.ldap.handlers.sasl.SimpleMech
 anismHandler
ads-enabled: TRUE
entryUUID: 94020b4a-cf03-4ab9-9597-0974fd0033fd
entryParentId: 12a06527-3d01-4311-b6f0-50953de45fa0

dn: ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=defa
 ult,ou=config
entryCSN: 20210119014601.840000Z#000000#000#000000
entryUUID: 52d086d9-06f7-40d8-82ce-946ac56163a6
ou: transports
objectClass: top
objectClass: organizationalUnit
entryParentId: 7ac90a97-da69-4a17-a73e-6a16d8656ef9

dn: ads-transportId=ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ads-di
 rectoryServiceId=default,ou=config
entryCSN: 20210119014601.873000Z#000000#000#000000
ads-enabledProtocols: TLSv1.2
ads-transportId: ldap
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 10389
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 2f0ae9fe-c448-4af0-8ab7-000163f6b9a7
ads-transportNbThreads: 8
entryParentId: 52d086d9-06f7-40d8-82ce-946ac56163a6

dn: ads-transportId=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-d
 irectoryServiceId=default,ou=config
entryCSN: 20210119014601.856000Z#000000#000#000000
ads-enabledProtocols: TLSv1.2
ads-transportId: ldaps
objectClass: top
objectClass: ads-base
objectClass: ads-transport
objectClass: ads-tcpTransport
ads-systemPort: 10636
ads-transportAddress: 0.0.0.0
ads-enabled: TRUE
entryUUID: 8ddb936d-86ef-4444-991c-dc373dd59b2c
ads-transportEnableSsl: TRUE
entryParentId: 52d086d9-06f7-40d8-82ce-946ac56163a6

```

There was, until I disabled the ACL completely and found out the issue is still present.

After changing to superuser account, 

```
Psy Shell v0.10.5 (PHP 8.0.1 — cli) by Justin Hileman
>>> \App\Ldap\Server::where('cn', '=', 'accounts')->first()
=> null
```

I guess no. To enlighten current situation:

>>> use LdapRecord\Container;
>>> $conn = Container::getDefaultConnection()
=> LdapRecord\Connection {#235}
>>> $conn->query()->where('cn', '=', 'accounts')->first()
=> [
     "cn" => [
       "count" => 1,
       0 => "accounts",
     ],
     0 => "cn",
     "objectclass" => [
       "count" => 3,
       0 => "top",
       1 => "device",
       2 => "simpleSecurityObject",
     ],
     1 => "objectclass",
     "userpassword" => [
       "count" => 1,
       0 => "{SSHA}*******",
     ],
     2 => "userpassword",
     "count" => 3,
     "dn" => "cn=accounts,ou=servers,dc=winterco,dc=org",
   ]
>>>      
stevebauman commented 3 years ago

Thanks for posting all of that! I see... We’ll get to the bottom of this.

I see you’re using PHP 8, does using PHP 7.3-7.4 change your results using models at all?

wfjsw commented 3 years ago
Psy Shell v0.10.5 (PHP 7.4.14 — cli) by Justin Hileman
>>> \App\Ldap\Server::where('cn', '=', 'accounts')->first()
=> null

Nop

stevebauman commented 3 years ago

Okay -- can you post your LDAP config array that you have inside of your config/ldap.php file, or your .env file?

For example:

LDAP_LOGGING=true
LDAP_CONNECTION=default
LDAP_HOST=127.0.0.1
LDAP_USERNAME="cn=user,dc=local,dc=com"
LDAP_PASSWORD={omitted}
LDAP_PORT=389
LDAP_BASE_DN="dc=local,dc=com"
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false
wfjsw commented 3 years ago

Here you are:

LDAP_LOGGING=true
LDAP_CONNECTION=default
LDAP_HOST=127.0.0.1
# LDAP_USERNAME="cn=accounts,ou=servers,dc=winterco,dc=org"
# LDAP_PASSWORD=?
LDAP_USERNAME="uid=admin,ou=system"
LDAP_PASSWORD=?
LDAP_PORT=10389
LDAP_BASE_DN="dc=winterco,dc=org"
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false
stevebauman commented 3 years ago

Ok, everything looks fine there.

Let's start from scratch and go step by step. Can you create a blank Server model and extend from the current, then attempt to retrieve results:

namespace App\Ldap;

use LdapRecord\Models\Entry;
use LdapRecord\Query\Builder;

class Server extends Entry
{
    //
}

\App\Ldap\Server::get();

Do you get all entries from your directory? Including those inside the server OU?

If you're on the latest LdapRecord-Laravel v2.0, you can also utilize the php artisan ldap:browse command to explore your directory and see this in an easier way. Report back and we'll continue from there 👍

wfjsw commented 3 years ago

php artisan ldap:browse works pretty fine.

>>> var_dump(\App\Ldap\Entry::get())
object(LdapRecord\Models\Collection)#3508 (1) {
  ["items":protected]=>
  array(4) {
    [0]=>
    object(App\Ldap\Entry)#3527 (14) {
      ["exists"]=>
      bool(true)
      ["dn":protected]=>
      string(41) "cn=accounts,ou=servers,dc=winterco,dc=org"
      ["in":protected]=>
      NULL
      ["connection":protected]=>
      NULL
      ["guidKey":protected]=>
      string(10) "objectguid"
      ["modifications":protected]=>
      array(0) {
      }
      ["original":protected]=>
      array(3) {
        ["cn"]=>
        array(1) {
          [0]=>
          string(8) "accounts"
        }
        ["objectclass"]=>
        array(3) {
          [0]=>
          string(3) "top"
          [1]=>
          string(6) "device"
          [2]=>
          string(20) "simpleSecurityObject"
        }
............

It does work. As stated in the beginning, results only start to disappear when I try to add constraints to Models such as $objectClasses and scopes.

stevebauman commented 3 years ago

Ok great.

>>> var_dump(\App\Ldap\Entry::get())
object(LdapRecord\Models\Collection)#3508 (1) {
  ["items":protected]=>
  array(4) {

By the looks from the above result -- you only have 4 objects total in your LDAP server, correct?

> results only start to disappear when I try to add constraints to Models such as $objectClasses and scopes.

Are you able to query for objects that contain the server object classes using the raw query builder and have them all successfully returned? I.e.:

$connection->query()->where('objectclass', '=', 'simpleSecurityObject')->get();

Models simply proxy query clauses to an extended raw query builder instance -- so it's imperative that we ensure the raw query builder returns the objects you expect by adding all of the necessary filters that you've attempted to add in the model itself.

I would also test the scope you would like to integrate into the Server model by running:

// Do you get the results you expect from this query?
$results = $connection->query()
    ->in('ou=servers,dc=winterco,dc=org')
    ->where('objectclass', '=', 'simpleSecurityObject')
    ->get();

If you're able to receive all of the expected results from the above query, try adding additional filters and see if you're still able to get the same results:

// Do you get the results you expect from this query?
$results = $connection->query()
    ->in('ou=servers,dc=winterco,dc=org')
    ->where('objectclass', '=', 'top')
    ->where('objectclass', '=', 'device')
    ->where('objectclass', '=', 'simpleSecurityObject')
    ->get();

Let me know your results from the above and we'll keep on going!

wfjsw commented 3 years ago
Psy Shell v0.10.5 (PHP 8.0.1 — cli) by Justin Hileman
>>> use LdapRecord\Container;
>>> $conn = Container::getDefaultConnection()
=> LdapRecord\Connection {#235}
>>> $conn->query()->where('objectclass', '=', 'simpleSecurityObject')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "device",
         2 => "simpleSecurityObject",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=servers,dc=winterco,dc=org",
     ],
   ]                                                                     
>>> $conn->query()->in('ou=servers,dc=winterco,dc=org')->where('objectclass', '=', 'simpleSecurityObject')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "device",
         2 => "simpleSecurityObject",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=servers,dc=winterco,dc=org",
     ],
   ]
>>> $conn->query()->in('ou=servers,dc=winterco,dc=org')->where('objectclass', '=', 'top')->where('objectclass', '=', 'device')->where('objectclass', '=', 'simpleSecurityObject')->get();
=> []
stevebauman commented 3 years ago

It seems your LDAP server is only returning you the account that you are binding to your LDAP server with.

Do you only have one (1) object in the servers OU with a total of four (4) objects in your entire LDAP directory? Can you try moving this object to a different OU and attempt the same query that you posted last?:

$conn->query()
    ->in('ou=new-ou,dc=winterco,dc=org')
    ->where('objectclass', '=', 'top')
    ->where('objectclass', '=', 'device')
    ->where('objectclass', '=', 'simpleSecurityObject')
    ->get();

Or even move it into the root (base DN) of your LDAP directory and give it another shot?

It's bizarre that adding the additional upper objectclasses in the query returns no results from your server. This is leading me to believe that it's either a strange configuration issue, or permissions.

wfjsw commented 3 years ago
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'top')->where('objectclass', '=', 'device')->where('objectclass', '=', 'simpleSecurityObject')->get();
=> []

This command is run under superuser permission. I sorta believe that ApacheDS is not properly handling multiple where clauses.

>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'simpleSecurityObject')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "simpleSecurityObject",
         2 => "device",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=users,dc=winterco,dc=org",
     ],
   ]
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'device')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "simpleSecurityObject",
         2 => "device",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=users,dc=winterco,dc=org",
     ],
   ]

I'm not sure now.

>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'device')->where('objectclass', '=', 'simpleSecurityObject')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "simpleSecurityObject",
         2 => "device",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=users,dc=winterco,dc=org",
     ],
   ]
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'top')->where('objectclass', '=', 'device')->get();
=> []
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->where('objectclass', '=', 'top')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "simpleSecurityObject",
         2 => "device",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=users,dc=winterco,dc=org",
     ],
     [
       "ou" => [
         "count" => 1,
         0 => "users",
       ],
       0 => "ou",
       "objectclass" => [
         "count" => 2,
         0 => "top",
         1 => "organizationalUnit",
       ],
       1 => "objectclass",
       "count" => 2,
       "dn" => "ou=users,dc=winterco,dc=org",
     ],
   ]
stevebauman commented 3 years ago

That's really bizarre... I've never seen this behaviour before...

> I sorta believe that ApacheDS is not properly handling multiple where clauses.

You can test this by providing a raw filter instead of using the LdapRecord query builder to ensure that this issue isn't with LdapRecord:

$conn->query()
    ->in('ou=users,dc=winterco,dc=org')
    ->rawFilter('(&(objectclass=top)(objectclass=device)(objectclass=simpleSecurityObject))')
    ->get();

If you receive no results, there's something strange going on in the server itself... Let me know!

wfjsw commented 3 years ago
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->rawFilter('(&(objectclass=top)(objectclass=device)(objectclass=simpleSecurityObject))')->get();
=> []

Genuinely weird.

However this works:

>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->rawFilter('(&(cn=accounts)(objectclass=device)(objectclass=simpleSecurityObject))')->get();
=> [
     [
       "cn" => [
         "count" => 1,
         0 => "accounts",
       ],
       0 => "cn",
       "objectclass" => [
         "count" => 3,
         0 => "top",
         1 => "simpleSecurityObject",
         2 => "device",
       ],
       1 => "objectclass",
       "userpassword" => [
         "count" => 1,
         0 => "xxx",
       ],
       2 => "userpassword",
       "count" => 3,
       "dn" => "cn=accounts,ou=users,dc=winterco,dc=org",
     ],
   ]

So probably I should just remove top from object classes.

stevebauman commented 3 years ago

That's so strange!

> So probably I should just remove top from object classes.

Are the object classes for this particular object correct? Since it's an account and not a device, should they be:

top
simpleSecurityObject
account

https://developers.redhat.com/blog/2020/08/11/secure-authentication-with-red-hat-amq-7-7-and-apacheds-ldap-server/

Though I don't have any experience with Apache DS, I may be wrong.

I'd love to get to the bottom of this with you to be able to add this in the docs for any future developers 👍

wfjsw commented 3 years ago

Let's make a new one and see what is going on.

>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->rawFilter('(&(objectclass=account))')->get();
=> [
     [
       "objectclass" => [
         "count" => 2,
         0 => "top",
         1 => "account",
       ],
       0 => "objectclass",
       "uid" => [
         "count" => 1,
         0 => "12314",
       ],
       1 => "uid",
       "count" => 2,
       "dn" => "uid=12314,ou=users,dc=winterco,dc=org",
     ],
   ]
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->rawFilter('(&(objectclass=top)(objectclass=account))')->get();
=> []
>>> $conn->query()->in('ou=users,dc=winterco,dc=org')->rawFilter('(&(objectclass=top))')->get();
=> [
     [
       "objectclass" => [
         "count" => 2,
         0 => "top",
         1 => "account",
       ],
       0 => "objectclass",
       "uid" => [
         "count" => 1,
         0 => "12314",
       ],
       1 => "uid",
       "count" => 2,
       "dn" => "uid=12314,ou=users,dc=winterco,dc=org",
     ],
     [
       "ou" => [
         "count" => 1,
         0 => "users",
       ],
       0 => "ou",
       "objectclass" => [
         "count" => 2,
         0 => "top",
         1 => "organizationalUnit",
       ],
       1 => "objectclass",
       "count" => 2,
       "dn" => "ou=users,dc=winterco,dc=org",
     ],
   ]
wfjsw commented 3 years ago

Interesting fact: The builtin search builder in Apache Directory Studio also pose such behavior

stevebauman commented 3 years ago

The mystery continues...

So basically applying any additional objectclass filter alongside an objectclass=top filter will prevent the objects from being returned? Am I understanding that correctly?

> Interesting fact: The builtin search builder in Apache Directory Studio also pose such behavior

I'm happy to hear that this is not a bug with LdapRecord.

Do you think your instance of ApacheDS has a possible bug in its configuration? Is this ApacheDS instance running locally on your machine? Or is it sitting on a server in your infrastructure?

wfjsw commented 3 years ago

The existence of objectclass=top and other object classes are mutually exclusive. To use other object classes I have to remove the objectclass=top from the query.

This instance is a local one, because I can't get OpenLDAP running as it keeps complaining about BerkeleyDB corruption.

The configuration file was created by Apache Directory Studio. I didn't remember changing any related settings.
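
Added example, not part of the thread and not LdapRecord or ApacheDS code: a differential check for the behaviour reported above. It evaluates flat AND-of-equality filters locally against the entries shown in the thread and compares every clause combination with what a search callable returns; the entry data and the `$observedSearch` stub are constructed from the outputs and statements posted above, and all function names are hypothetical.

```php
<?php
// Added example: a differential check, not LdapRecord or ApacheDS code.

/** Parse a flat AND of equality clauses, e.g. "(&(objectclass=top)(cn=x))". */
function parseAndFilter(string $filter): array
{
    if (!preg_match('/^\(&((?:\([^()=]+=[^()]*\))+)\)$/', trim($filter), $m)) {
        throw new InvalidArgumentException("Unsupported filter: $filter");
    }
    preg_match_all('/\(([^()=]+)=([^()]*)\)/', $m[1], $found, PREG_SET_ORDER);

    return array_map(fn ($c) => [strtolower(trim($c[1])), trim($c[2])], $found);
}

/** DNs that should match: every clause must equal one value of its attribute. */
function expectedDns(array $entries, string $filter): array
{
    $dns = [];
    foreach ($entries as $dn => $attributes) {
        foreach (parseAndFilter($filter) as [$attr, $value]) {
            // Assumption: case-insensitive matching, as for objectClass, cn and ou.
            $values = array_map('strtolower', $attributes[$attr] ?? []);
            if (!in_array(strtolower($value), $values, true)) {
                continue 2; // one failed clause rejects the entry
            }
        }
        $dns[] = $dn;
    }
    sort($dns);

    return $dns;
}

/** Try every non-empty combination of clauses; report where the server differs. */
function findDisagreements(array $entries, array $clauses, callable $search): array
{
    $disagreements = [];
    for ($mask = 1; $mask < (1 << count($clauses)); $mask++) {
        $parts = '';
        foreach (array_values($clauses) as $i => $clause) {
            if ($mask & (1 << $i)) {
                $parts .= "($clause)";
            }
        }
        $filter = "(&$parts)";
        $expected = expectedDns($entries, $filter);
        $observed = $search($filter);
        sort($observed);
        if ($expected !== $observed) {
            $disagreements[$filter] = ['expected' => $expected, 'observed' => $observed];
        }
    }

    return $disagreements;
}

// Constructed from the ou=users results posted in the thread (attribute names lowercased).
$entries = [
    'cn=accounts,ou=users,dc=winterco,dc=org' => [
        'cn' => ['accounts'],
        'objectclass' => ['top', 'simpleSecurityObject', 'device'],
    ],
    'ou=users,dc=winterco,dc=org' => [
        'ou' => ['users'],
        'objectclass' => ['top', 'organizationalUnit'],
    ],
];

// Constructed stub that mimics the reported behaviour: nothing comes back when
// objectclass=top is combined with another objectclass clause.
$observedSearch = function (string $filter) use ($entries): array {
    $classes = array_filter(parseAndFilter($filter), fn ($c) => $c[0] === 'objectclass');
    $hasTop = false;
    foreach ($classes as $c) {
        $hasTop = $hasTop || strtolower($c[1]) === 'top';
    }

    return ($hasTop && count($classes) > 1) ? [] : expectedDns($entries, $filter);
};

$clauses = ['objectclass=top', 'objectclass=device', 'objectclass=simpleSecurityObject'];
foreach (findDisagreements($entries, $clauses, $observedSearch) as $filter => $diff) {
    printf(
        "%s\n  expected: %s\n  observed: %s\n",
        $filter,
        implode('; ', $diff['expected']) ?: '(none)',
        implode('; ', $diff['observed']) ?: '(none)'
    );
}
```

To run it against a live directory, replace the stub with a callable that wraps the raw query used in the thread, for example one returning `array_column($conn->query()->in($base)->rawFilter($filter)->get(), 'dn')`, assuming the raw query returns plain arrays with a `dn` key as in the outputs above.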

stevebauman commented 3 years ago

> This instance is a local one, because I can't get OpenLDAP running as it keeps complaining about BerkeleyDB corruption.

If this instance is local, it may be worth attempting to create a fresh new local instance to see if this behaviour still occurs.

I'll see if I can get my own instance of ApacheDS running on my computer and attempt to explore this a bit. 👍

stevebauman commented 3 years ago

Closing due to inactivity.