Dear list members,
i've recently read that dn syntax in memberOf attributes does not allow substring matching in an ldap search filter like:
(memberOf=cn=41*)
Is there another way implement a substring search in memberOf attributes? Given the following structure:
dn: cn=user0,ou=people,o=univeritaet konstanz,c=de memberOf: cn=410000,ou=groups,o=univeritaet konstanz,c=de
dn: cn=user1,ou=people,o=univeritaet konstanz,c=de memberOf: cn=410001,ou=groups,o=univeritaet konstanz,c=de
dn: cn=user2,ou=people,o=univeritaet konstanz,c=de memberOf: cn=410002,ou=groups,o=univeritaet konstanz,c=de
...
dn: cn=user100,ou=people,o=univeritaet konstanz,c=de memberOf: cn=410100,ou=groups,o=univeritaet konstanz,c=de
dn: cn=user101,ou=people,o=univeritaet konstanz,c=de memberOf: cn=420000,ou=groups,o=univeritaet konstanz,c=de
...
is there an appropriate ldap search filter expression that can be used to filter all memberOf attributes that begin with 41? Whereby compound ldap search expressions like:
(| (memberOf=cn=410000,ou=groups,o=univeritaet konstanz,c=de) (memberOf=cn=410001,ou=groups,o=univeritaet konstanz,c=de) (memberOf=cn=410002,ou=groups,o=univeritaet konstanz,c=de) ... (memberOf=cn=410100,ou=groups,o=univeritaet konstanz,c=de) )
are not intended to become implemented, because in real world they would get much too long and therefore too hard to maintain.
Best regrads, Markus
openldap-technical@openldap.org
-
Markus Ludwig Grandpré