Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
Today at 10:51am, Michael wrote:
Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
Date: Tue, 15 Sep 2015 14:53:37 -0400 From: Frank.Swasey@uvm.edu To: mlstarling31@hotmail.com CC: openldap-technical@openldap.org Subject: Re: OpenLDAP wildcard searches.
Today at 10:51am, Michael wrote:
Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below. attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Hi,
I think exactly that is the Problem. Your shema only allow Ineger Matches, so 177* isn't a valid integer, and so the match always finds nothing.
Greetings John
Von: openldap-technical [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Michael Gesendet: Dienstag, 15. September 2015 23:26 An: Frank Swasey Cc: openldap Betreff: RE: OpenLDAP wildcard searches.
Date: Tue, 15 Sep 2015 14:53:37 -0400 From: Frank.Swasey@uvm.edumailto:Frank.Swasey@uvm.edu To: mlstarling31@hotmail.commailto:mlstarling31@hotmail.com CC: openldap-technical@openldap.orgmailto:openldap-technical@openldap.org Subject: Re: OpenLDAP wildcard searches.
Today at 10:51am, Michael wrote:
Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below.
attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Your schema definition is missing a substring matching rule. Thus it is expected that substring searches will fail. You should fix your schema. You can run slapindex with slapd offline to regenerate the indices.
--Quanah
On Sep 15, 2015, at 2:28 PM, Michael mlstarling31@hotmail.com wrote:
Date: Tue, 15 Sep 2015 14:53:37 -0400 From: Frank.Swasey@uvm.edu To: mlstarling31@hotmail.com CC: openldap-technical@openldap.org Subject: Re: OpenLDAP wildcard searches.
Today at 10:51am, Michael wrote:
Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below.
attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Quanah Gibson-Mount wrote:
Your schema definition is missing a substring matching rule. Thus it is expected that substring searches will fail. You should fix your schema. You can run slapindex with slapd offline to regenerate the indices.
There is no substring matching rule for Integer syntax.
Ciao, Michael.
On Sep 15, 2015, at 2:28 PM, Michael <mlstarling31@hotmail.com wrote:
attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
On Sep 16, 2015, at 1:34 AM, Michael Ströder michael@stroeder.com wrote:
Quanah Gibson-Mount wrote:
Your schema definition is missing a substring matching rule. Thus it is expected that substring searches will fail. You should fix your schema. You can run slapindex with slapd offline to regenerate the indices.
There is no substring matching rule for Integer syntax
They could always write one. ;). Probably not worth the effort though.
Ciao, Michael.
On Sep 15, 2015, at 2:28 PM, Michael <mlstarling31@hotmail.com wrote: attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
From: quanah@zimbra.com Subject: Re: OpenLDAP wildcard searches. Date: Wed, 16 Sep 2015 02:40:14 -0500 To: mlstarling31@hotmail.com CC: frank.swasey@uvm.edu; openldap-technical@openldap.org
Your schema definition is missing a substring matching rule. Thus it is expected that substring searches will fail. You should fix your schema. You can run slapindex with slapd offline to regenerate the indices. --Quanah
On Sep 15, 2015, at 2:28 PM, Michael mlstarling31@hotmail.com wrote:
Date: Tue, 15 Sep 2015 14:53:37 -0400 From: Frank.Swasey@uvm.edu To: mlstarling31@hotmail.com CC: openldap-technical@openldap.org Subject: Re: OpenLDAP wildcard searches.
Today at 10:51am, Michael wrote:
Hello all, I've come across an issue where java developers using one of our LDAP environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example. retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all entries with 21 as the jurisdictionID and any wildcard for the retailerID. '(&(retailerId=*)(jurisdictionID=21))' works as expected but of course this returns all objects with any retailerID. They would like to narrow the search results using the filters below. Is there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc? '(&(retailerId=177*)(jurisdictionID=21))' returns zero results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below. attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) Thanks all for the help.
Michael wrote:
From: Frank.Swasey@uvm.edu Today at 10:51am, Michael wrote:
I've come across an issue where java developers using one of our LDAP
environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example.
retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all
entries with 21 as the jurisdictionID and any wildcard for the retailerID.
'(&(retailerId=*)(jurisdictionID=21))' works as expected but of course
this returns all objects with any retailerID.
They would like to narrow the search results using the filters below. Is
there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc?
'(&(retailerId=177*)(jurisdictionID=21))' returns zero
results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below.
attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
There is not SUBSTR matching rule available for LDAP syntax Integer.
Depending on the attribute values you could try to use LDAP syntax Numeric String instead for which SUBSTR matching rule numericStringSubstringsMatch is available.
Other solution would be to fix the client application.
Ciao, Michael.
Thank you.
Subject: Re: OpenLDAP wildcard searches. To: mlstarling31@hotmail.com From: michael@stroeder.com Date: Wed, 16 Sep 2015 10:32:27 +0200 CC: openldap-technical@openldap.org
Michael wrote:
From: Frank.Swasey@uvm.edu Today at 10:51am, Michael wrote:
I've come across an issue where java developers using one of our LDAP
environments want to be able to do wildcard searches on non-standard LDAP attributes. They are using a custom schema in the LDAP environment which contains the following attributes for example.
retailerId:jurisdictionID: They want to be able to perform the following search filter to pull all
entries with 21 as the jurisdictionID and any wildcard for the retailerID.
'(&(retailerId=*)(jurisdictionID=21))' works as expected but of course
this returns all objects with any retailerID.
They would like to narrow the search results using the filters below. Is
there something that needs to be added to the custom schema to allow this to work like it does for the standard LDAP attributes like cn,sn,mail etc?
'(&(retailerId=177*)(jurisdictionID=21))' returns zero
results'(&(retailerId=*389)(jurisdictionID=21))' returns zero results'(&(retailerId=1*389)(jurisdictionID=21))' returns zero results
From your examples - I can guess. But nobody can know.
How does this custom schema define retailerID? What are the matching rules?
-- Frank Swasey | http://www.uvm.edu/~fcs Sr Systems Administrator | Always remember: You are UNIQUE, University of Vermont | just like everyone else. "I am not young enough to know everything." - Oscar Wilde (1854-1900)
Hi Frank. See below.
attributetype ( 3.0.0.3 NAME 'retailerId' DESC 'ID of the retailer a user is assigned to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
There is not SUBSTR matching rule available for LDAP syntax Integer.
Depending on the attribute values you could try to use LDAP syntax Numeric String instead for which SUBSTR matching rule numericStringSubstringsMatch is available.
Other solution would be to fix the client application.
Ciao, Michael.
openldap-technical@openldap.org
-
Fischer, Johannes -
Frank Swasey -
Michael -
Michael Ströder -
Quanah Gibson-Mount