Hi there,
I don't understand what's happening here so hopefully someone can help me with this.
I have a DIT that contains objects like this:
uid=test,ou=user,ou=sales,o=Testcompany
Now I want to find out all objects that have "sales" in their DN. Since DN is not an attribute one can search for I used the operational attribute "entryDN":
ldapsearch -x "(entryDN=*sales*)" cn
That search didn't find anything.
After that I tried ldapsearch -x "(entryDN=uid=test,ou=user,ou=sales,o=Testcompany)" cn and got the expected result.
Now it seems that as soon as I use a wildcard in the filter argument the search returns nothing. Even ldapsearch -x "(entryDN=uid=test,ou=user,ou=sales,o=Testcompan*)" cn returns nothing.
I've also tried things like ldapsearch -x "(entryDN:dnSubtreeMatch:=*sales*)" cn which returned no result either.
Any ideas what I'm doing wrong? Any help would be greatly appreciated!
Cheers -- Markus
On Wed, 25 Apr 2012, Uncle Hildegard wrote:
I have a DIT that contains objects like this:
uid=test,ou=user,ou=sales,o=Testcompany
Now I want to find out all objects that have "sales" in their DN. Since DN is not an attribute one can search for <...>
Yes you can: (ou:dn:=sales)
Philip
Uncle Hildegard wrote:
I have a DIT that contains objects like this:
uid=test,ou=user,ou=sales,o=Testcompany
Now I want to find out all objects that have "sales" in their DN.
Try out the filter (ou:dn:=sales)
"entryDN": ldapsearch -x "(entryDN=*sales*)" cn That search didn't find anything.
After that I tried ldapsearch -x "(entryDN=uid=test,ou=user,ou=sales,o=Testcompany)" cn and got the expected result.
Now it seems that as soon as I use a wildcard in the filter argument the search returns nothing. Even ldapsearch -x "(entryDN=uid=test,ou=user,ou=sales,o=Testcompan*)" cn returns nothing.
entryDN is of LDAP syntax Distinguished Name (1.3.6.1.4.1.1466.115.121.1.12) for which substring matching does not work just like for Directory String. Look into the server's subschema subentry to find the applicable matching rules.
On my OpenLDAP server these are: distinguishedNameMatch, dnOneLevelMatch, dnSubordinateMatch, dnSubtreeMatch, dnSuperiorMatch
I've also tried things like ldapsearch -x "(entryDN:dnSubtreeMatch:=*sales*)" cn which returned no result either.
This should be
(entryDN:dnSubtreeMatch:=ou=user,ou=sales,o=Testcompany)
Ciao, Michael.
Hi Philip + Michael,
Try out the filter (ou:dn:=sales)
ok, that works, many thanks for your advice.
entryDN is of LDAP syntax Distinguished Name (1.3.6.1.4.1.1466.115.121.1.12) for which substring matching does not work just like for Directory String. Look into the server's subschema subentry to find the applicable matching rules.
Ok, in "newbie-speak" ;-) that means that there are certain objects in the DIT that don't accept wildcards in filters, right? I must admit that I haven't understood (yet) why that is and how I can tell if an object supports it or not. Can you point me to some kind of documentation where this is explained?
Thanks a lot for your help!
Cheers -- Markus
Uncle Hildegard wrote:
entryDN is of LDAP syntax Distinguished Name (1.3.6.1.4.1.1466.115.121.1.12) for which substring matching does not work just like for Directory String. Look into the server's subschema subentry to find the applicable matching rules.
Ok, in "newbie-speak" ;-) that means that there are certain objects in the DIT that don't accept wildcards in filters, right?
Yes. There are attribute types for which no SUBSTR matching rule is defined or implemented. You have to look at the subschema to find out for a particular attribute type. Use a decent schema browser for that.
web2ldap has a built-in schema browser which displays all this including inheritance. But being the author I'm biased of course.
https://demo.web2ldap.de:1760/web2ldap/oid?ldap://ldap.uninett.no/dc=uninett...
I must admit that I haven't understood (yet) why that is and how I can tell if an object supports it or not. Can you point me to some kind of documentation where this is explained?
RFC 4512 describes this in detail.
Ciao, Michael.
openldap-technical@openldap.org
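An added example, not part of the thread and not code from OpenLDAP or web2ldap: a small parser for subschema `attributeTypes` values that follows SUP inheritance to tell whether an attribute type has a SUBSTR matching rule, which is what decides whether wildcard filters can match. The sample definitions are constructed (modeled on the standard definitions of `name`, `ou` and `entryDN`), and all function names are hypothetical.

```python
import re

# Constructed sample of attributeTypes values (RFC 4512 syntax), modeled on
# the standard definitions; on a real server read them from the subschema.
SAMPLE_ATTRIBUTE_TYPES = [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )",
    "( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' "
    "EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
    "SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
]

def parse_attribute_type(definition):
    """Return OID, names, SUP and matching rules of one definition."""
    text = re.sub(r"DESC\s+'[^']*'", "", definition)  # DESC is free text
    parsed = {"oid": re.match(r"\(\s*([\w.-]+)", text).group(1), "names": []}
    m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", text)
    if m:
        parsed["names"] = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
    for field in ("SUP", "EQUALITY", "ORDERING", "SUBSTR"):
        m = re.search(r"\b%s\s+([\w.;-]+)" % field, text)
        parsed[field] = m.group(1) if m else None
    return parsed

def build_index(definitions):
    """Index parsed definitions by OID and by every name, case-insensitively."""
    index = {}
    for definition in definitions:
        at = parse_attribute_type(definition)
        for key in [at["oid"]] + at["names"]:
            index[key.lower()] = at
    return index

def effective_rule(index, attr, kind):
    """Resolve EQUALITY/ORDERING/SUBSTR for attr, inheriting through SUP."""
    seen = set()
    at = index.get(attr.lower())
    while at is not None and at["oid"] not in seen:  # guard against SUP loops
        seen.add(at["oid"])
        if at[kind]:
            return at[kind]
        at = index.get(at["SUP"].lower()) if at["SUP"] else None
    return None

def supports_wildcards(index, attr):
    """A substring filter such as (attr=*x*) needs a SUBSTR matching rule."""
    return effective_rule(index, attr, "SUBSTR") is not None
```

With the sample data, `ou` inherits its SUBSTR rule from `name`, while `entryDN` has only an EQUALITY rule, matching the behaviour described in the thread.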