Uncle Hildegard wrote:
entryDN is of LDAP syntax Distinguished Name (1.3.6.1.4.1.1466.115.121.1.12) for which substring matching does not work just like for Directory String. Look into the server's subschema subentry to find the applicable matching rules.
Ok, in "newbie-speak" ;-) that means that there are certain objects in the DIT that don't accept wildcards in filters, right?
Yes. There are attribute types for which no SUBSTR matching rule is defined or implemented. You have to look at the subschema to find out for a particular attribute type. Use a decent schema browser for that.
web2ldap has a built-in schema browser which displays all this including inheritance. But being the author I'm biased of course.
https://demo.web2ldap.de:1760/web2ldap/oid?ldap://ldap.uninett.no/dc=uninett...
I must admit that I haven't understood (yet) why that is and how I can tell if an object supports it or not. Can you point me to some kind of documentation where this is explained?
RFC 4512 describes this in detail.
Ciao, Michael.
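
The lookup described in the thread, as an added example that is not part of the original messages and is not web2ldap code: it parses `attributeTypes` values in the RFC 4512 format and reports whether a SUBSTR matching rule applies to an attribute type, following SUP inheritance. The function names are hypothetical, and the sample values are constructed from the definitions published in RFC 4519 and RFC 5020.

```python
import re

# Constructed sample: attributeTypes values as read from a subschema subentry
# (definitions as published in RFC 4519 and RFC 5020).
SAMPLE_ATTRIBUTE_TYPES = [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' "
    "EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
    "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
]
# Quoted strings stay single tokens, so keywords inside DESC are never misread.
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

def parse_attribute_type(definition):
    """Extract OID, names, SUP and SUBSTR from one AttributeTypeDescription."""
    tokens = TOKEN.findall(definition)[1:-1]  # drop the outer parentheses
    info = {"oid": tokens[0], "names": [], "sup": None, "substr": None}
    for i, tok in enumerate(tokens):
        if tok in ("SUP", "SUBSTR"):
            info[tok.lower()] = tokens[i + 1]
        elif tok == "NAME":  # either 'cn' or ( 'cn' 'commonName' )
            for nxt in tokens[i + 1:]:
                if nxt == "(":
                    continue
                if not nxt.startswith("'"):
                    break
                info["names"].append(nxt.strip("'"))
    return info

def build_index(definitions):
    """Index parsed definitions by OID and by every name, case-insensitively."""
    index = {}
    for definition in definitions:
        info = parse_attribute_type(definition)
        for key in [info["oid"]] + info["names"]:
            index[key.lower()] = info
    return index

def substr_rule(index, attr):
    """Return the SUBSTR rule for attr, inherited via SUP if needed, else None."""
    seen, info = set(), index.get(attr.lower())
    while info and info["oid"] not in seen:  # 'seen' guards against SUP loops
        if info["substr"]:
            return info["substr"]
        seen.add(info["oid"])
        info = index.get((info["sup"] or "").lower())
    return None
```

This covers only whether a SUBSTR rule is defined in the schema; whether the server implements the named rule still has to be checked against the server itself.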