Re: [turba] Mapping Turba fields with GQ-marked-as-red LDAP attributes

yvon.quere@laposte.net yvon.quere at laposte.net
Mon Apr 7 12:28:07 PDT 2003 

Hi again


>If the turba attributes appear as red it means they are not
found to be
>permitted by any of the objectclass's of the object.  Either
AD is not
>presenting all the objectclasses of the object (if is doing
objectclass >hiding)
>or your AD is quite broken/mis-configured.  You should not
see ANY red
>attributes except operational ones (creation/modification
time stamps, 

Ok, got that. Probably a misconfiguration on the AD/schema
side. However, and to answer your question on 'ldapsearch' :

>If you ldapsearch on the same object do you see the same
number of >objectclass
>attributes?  ldapsearch is pretty "dumb", it doesn't do as
much sanity >checking
>as a tool like GQ.


Here's a search example (remember my sources.php looks like
this 'objectclass' => array('user','contact'),'filter' =>
'mail=*')

#
# filter:
(&(|(objectClass=user)(objectClass=contact))(mail=*brede*))
# requesting: ALL
#

# CBR, Administration, ADMINISTRATION, LOCAL
dn: CN=CBR,OU=Administration,DC=ADMINISTRATION,DC=LOCAL
<snip>
badPwdCount: 1
<snip>
displayName: BredeLe John <<<<<<<<<<<<<<<<<<<<<<<<<
<snip>
mail: John.BredeLe at airial.com
givenName: John
<snip>
distinguishedName:
CN=CBR,OU=Administration,DC=ADMINISTRATION,DC=LOCAL
objectCategory:
CN=Person,CN=Schema,CN=Configuration,DC=ADMINISTRATION,DC=LOCA
 L
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
objectGUID:: v1rJmWcur0SV+5QEh23LxQ==
<snip>
sn: Bredeche
telephoneNumber: 919
<snip>
homeMTA: CN=Microsoft
MTA,CN=EXCHANGE2000,CN=Servers,CN=Premier groupe
administratif,CN=Administrative
Groups,CN=Airial,CN=MicrosoftExchange,CN=Services,CN=Configuration,DC=ADMINISTRATION,DC=LOCAL
msExchHomeServerName: /o=Airial/ou=Premier groupe
administratif/cn=Configurati
 on/cn=Servers/cn=EXCHANGE2000
mailNickname: BredeLe John 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<snip>

Ldapsearch seems to manage, with the same filter, and same
bind user, to read all those "troublesome" LDAP attributes :
displayName, mailNickName etc... (tagged as red in QG).

And nothing seems strange in the objectClass hierarchy of this
instance.

So, despite acknowledging the probable issue with the schema
on the AD side, I'm wondering why GQ and ldapsearch are
managing to get the info I need from the directory and *NOT*
Turba ?!?

Is Turba (or php-ldap lib) so respectful of the RFC or such
that he denies me what other proggies accept ???

I'm quite puzzled on that one ?!?

Thanks for your help

Yvon

Accédez au courrier électronique de La Poste : www.laposte.net ; 
3615 LAPOSTENET (0,34€/mn) ; tél : 08 92 68 13 50 (0,34€/mn)"

More information about the turba mailing list