我有一个工作的SSL连接到一个OpenLDAP服务器。
当我进行ldapsearch时,例如使用过滤器 (sn=L*)
我得到了所有Sn以 "L "开头的用户。(sn=*)
我没有得到任何结果.当我切换回LDAP连接(而不是LDAPS连接)时,我发现结果也与过滤 (sn=*)
.
我发现,如果搜索结果包含的条目太多(> 约10个),那么当使用LDAPS-连接时,我就不会得到结果。
为什么在使用LDAPSSSL时,搜索结果会有限制?
这是我的slapd.conf-文件。
#LDAP Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
pidfile ./run/slapd.pid
argsfile ./run/slapd.args
# Full log level
loglevel 32768 16384 2048 1024 512 256 128 64 32 16 8 4 2 1
sizelimit unlimited
timelimit unlimited
# Enable TLS if port is defined for ldaps (to openldap)
TLSVerifyClient never
#TLSCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!EXP:!SSLV2:!eNULL
TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
TLSProtocolMin 3.3
TLSCertificateFile ./secure/certs/maxcrc.cert.pem
TLSCertificateKeyFile ./secure/certs/maxcrc.key.pem
TLSCACertificateFile ./secure/certs/maxcrc.cert.pem
# Configuration for Connection to example.local
database meta
suffix "DC=example,DC=local"
rootdn "DC=example,DC=local"
rebind-as-user yes
uri ldaps://DC001.example.local:636/dc=example,DC=local
lastmod off
chase-referrals no
idassert-bind bindmethod=simple
binddn="cn=CN=Username,OU=Users,OU=Orga,DC=example,DC=local"
credentials="XXXX"
tls_reqcert=never
tls_cacert=./secure/certs/example-ca.pem
tls ldaps tls_reqcert=allow tls_cacert=./secure/certs/example-ca.pem
# Configuration for Connection to Test-LDAP
uri ldap://ldap.andrew.cmu.edu/dc=test,dc=example,dc=local
suffixmassage "dc=test,dc=example,dc=local" "dc=edu,dc=meta,dc=com"
overlay rwm
rwm-map attribute uid samaccountname
rwm-map attribute member memberOf
rwm-map objectclass inetOrgPerson user
有谁知道为什么我会有这种行为?我是否在slapd.conf-file中漏掉了一些属性设置?