Tobias Prinz wrote:
I am just starting with LDAP, but there is some basic thing that I do not understand and that does not make sense at all:
I have got an OpenLDAP server and it does contain data.
This search returns a bunch of results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber=500)'
Yet this returns no results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>=500)'
So I invert it and this returns no results either: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(!(gidNumber>=500))'
This simply fails (okay, I knew that, but at least I know the ones above are not syntax errors, because the greater-sign alone is not defined as a filter in RFC 1960 nor RFC 4515): ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>499)'
Can someone point me in the right direction, please?
In general: To make greater-than or smaller-than filters work there has to be an ORDERING matching rule defined for the attribute types in question.
In particular for gidNumber: The ORDERING matching rules for uidNumber and gidNumber were added to schema_prep.c recently (OpenLDAP release 2.4.25, see also ITS#6852). So you probably have to upgrade.
Ciao, Michael.