Hello,
I have a question regarding the construction of search filter (assuming that what I think is possible in LDAP).
For a tree shown like below:
o dc=com | o dc=xyz / | | \ ou=machines o . . . . . o ou=people / | \ uid=abby o . . o ou=xie <- OC1 / ou=options o <- OC2 / ou=theme1 o <- OC3OC1 != OC2 != OC3 (objectclasses with different set of attributes)
Assume that at uid=<name> rdn, the objectclass (OC1) has an attribute called accessFlag. Based on this accessFlag attribute value, is it possible to construct a search filter that will give us the attributes of the objectclass (OC3) with rdn ou=<theme name>?
That is, I want to get the theme values of all users whose accessFlag is set to some value.
In short, this is not possible.
As a more articulate response, I'd note this type of behavior is occasionally needed, and should be implemented at the application level. For this purpose, I have drafted in the past a formal specification of a search control that allows to specify the parameters of a subsearch to be applied to all entries returned by the primary search. This specification was never submitted for many reasons and unfortunately it was never implemented. I might try to dig out what I wrote, in case someone finds it interesting and worth reviving and implementing.
p.