Hello there,
I am just starting with LDAP, but there is some basic thing that I do not understand and that does not make sense at all:
I have got an OpenLDAP server and it does contain data.
This search returns a bunch of results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber=500)'
Yet this returns no results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>=500)'
So I invert it and this returns no results either: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(!(gidNumber>=500))'
This simply fails (okay, I knew that, but at least I know the ones above are not syntax errors, because the greater-sign alone is not defined as a filter in RFC 1960 nor RFC 4515): ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>499)'
Can someone point me in the right direction, please?
Thanks in advance, Tobias
--On Wednesday, September 07, 2011 5:18 PM +0200 Tobias Prinz tobiasprinz@gmx.net wrote:
Can someone point me in the right direction, please?
attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Note it only supports EQUALITY (exact match). Since there is no ORDERING rule, you cannot filter via <= or >=.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
On 09/07/2011 10:11 PM, Quanah Gibson-Mount wrote:
--On Wednesday, September 07, 2011 5:18 PM +0200 Tobias Prinz tobiasprinz@gmx.net wrote:
Can someone point me in the right direction, please?
attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Note it only supports EQUALITY (exact match). Since there is no ORDERING rule, you cannot filter via <= or >=.
Ah, I get it!
Thank you very much.
Also thanks to Michael Ströder for pointing it out, too.
Bye, Tobias
Tobias Prinz wrote:
I am just starting with LDAP, but there is some basic thing that I do not understand and that does not make sense at all:
I have got an OpenLDAP server and it does contain data.
This search returns a bunch of results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber=500)'
Yet this returns no results: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>=500)'
So I invert it and this returns no results either: ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(!(gidNumber>=500))'
This simply fails (okay, I knew that, but at least I know the ones above are not syntax errors, because the greater-sign alone is not defined as a filter in RFC 1960 nor RFC 4515): ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com -LLL '(gidNumber>499)'
Can someone point me in the right direction, please?
In general: To make greater-than or smaller-than filters work there has to be an ORDERING matching rule defined for the attribute types in question.
In particular for gidNumber: The ORDERING matching rules for uidNumber and gidNumber were added to schema_prep.c recently (OpenLDAP release 2.4.25, see also ITS#6852). So you probably have to upgrade.
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Quanah Gibson-Mount -
Tobias Prinz