Hi,
reading this: http://www.openldap.org/faq/data/cache/1133.html - do I read this correctly that the set syntax can also be employed in search filters? The reason I ask is because Mark is listing LDAP URIs and this sentence: "The LDAP search corresponding to the URI's DN, attributes, scope and filter is performed, and all the matching entries are dereferenced."
I'm unsure because the Admin Guide for 2.4 only mentions sets in the context of ACLs, and slapd.access(5) states that it's "undocumented".
Thanks for any clarification,
Stephan
On 03/08/2014 04:12 AM, Stephan Fabel wrote:
Hi,
reading this: http://www.openldap.org/faq/data/cache/1133.html - do I read this correctly that the set syntax can also be employed in search filters? The reason I ask is because Mark is listing LDAP URIs and this sentence: "The LDAP search corresponding to the URI's DN, attributes, scope and filter is performed, and all the matching entries are dereferenced."
I'm unsure because the Admin Guide for 2.4 only mentions sets in the context of ACLs, and slapd.access(5) states that it's "undocumented".
That text is referring to the "filter" portion of an LDAP URI. Entries matching the URI are collected into a set and subsequently used in sets algebra. In any case, sets are only used in the context of ACL evaluation.
p.
Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano
________________________________________ From: Stephan Fabel [sfabel@hawaii.edu] Sent: Saturday, March 8, 2014 11:44 AM To: Pierangelo Masarati Cc: openldap-technical@OpenLDAP.org Subject: Re: set syntax possible in search filter?
On Mar 7, 2014 10:03 PM, "Pierangelo Masarati" <pierangelo.masarati@polimi.itmailto:pierangelo.masarati@polimi.it> wrote:
In any case, sets are only used in the context of ACL evaluation.
Thanks! Are there any plans to add this functionality in the future?
What functionality? Please define it in compliance with LDAP specs.
P.
On Saturday, March 08, 2014 12:17:58 PM Pierangelo Masarati wrote:
What functionality? Please define it in compliance with LDAP specs.
I'm asking whether there are any plans to be able to use set syntax in similar form as defined with the ACL functionality in search filters. So as to be able to search for something like "return all people who's manager's secretary is a member of a certain group.".
So a filter like this: '(set=this/manager/secretary & [cn=group]/member)'
Stephan
Stephan Fabel wrote:
On Saturday, March 08, 2014 12:17:58 PM Pierangelo Masarati wrote:
What functionality? Please define it in compliance with LDAP specs.
I'm asking whether there are any plans to be able to use set syntax in similar form as defined with the ACL functionality in search filters. So as to be able to search for something like "return all people who's manager's secretary is a member of a certain group.".
So a filter like this: '(set=this/manager/secretary & [cn=group]/member)'
Your inquiry is a more complex version of the former posting answered by Howard here:
http://www.openldap.org/lists/openldap-technical/201403/msg00053.html
No, I don't know any plans for this.
Ciao, Michael.
Michael Ströder wrote:
Stephan Fabel wrote:
On Saturday, March 08, 2014 12:17:58 PM Pierangelo Masarati wrote:
What functionality? Please define it in compliance with LDAP specs.
I'm asking whether there are any plans to be able to use set syntax in similar form as defined with the ACL functionality in search filters. So as to be able to search for something like "return all people who's manager's secretary is a member of a certain group.".
So a filter like this: '(set=this/manager/secretary & [cn=group]/member)'
Your inquiry is a more complex version of the former posting answered by Howard here:
http://www.openldap.org/lists/openldap-technical/201403/msg00053.html
No, I don't know any plans for this.
I stumbled across this ancient but somewhat related I-D today:
http://tools.ietf.org/html/draft-moats-ldap-dereference-match-02
Ciao, Michael.
openldap-technical@openldap.org
-
Michael Ströder -
Pierangelo Masarati -
Stephan Fabel