Ulrich Windl wrote:
>>> Quanah Gibson-Mount <quanah(a)zimbra.com> schrieb am
25.09.2014 um 18:30 in
> --On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl
> <Ulrich.Windl(a)rz.uni-regensburg.de> wrote:
>> I'd like to query userPassword attributes that don't start with
>> but it seems substring match doesn't work there. An addition I'd like to
>> find those users that didn't change their password since the user was
>> created, i.e. modifyTimestamp=createTimestamp, but I think that's not
>> possible in a search filter as the right of '=' is interpreted
>> Any ideas?
> (modifyTimeStamp<=createTimestamp) should do it?
> Since modifyTimestamp can
> never be less than createTimestamp, that will only return entries where
> they are equal.
Isn't that equivalent to (modifyTimeStamp<="createTimestamp"), i.e.
isn't createTimestamp interpreted literaly?
Or does ldapsearch do some magic if it detects an LDAP attribute on
the right side?
Anyway, I tried it, but I get too many results, e.g.
(Of course I know I could write some Perl to do the needed filtering, but it would be
nice if the LDAP server could help...)
Write an extended matching rule to do what you want.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/