Hi everbody,
I tried to create a dynamic group with dynlist and got a problem with a search filter. I searched the net for a solution, but found nothing that fits.
I want to collect all people thet have a common attribute (attributA=X), but only people that have a uid that isn´t a number.
We got people with uids similar to their last name (Meier, Müller, Schmidt) and Users that got a number as uid (123456). I tried a filter like:
ldap:///ou=users,dc=example,dc=de?uid?sub?(&(attributeA=X)(!(uid=[0-9]*)))
but that doesn´t work. A solution like:
ldap:///ou=users,dc=example,dc=de?uid?sub?(&(attributeA=X)(!(uid=0*))(! (uid=1*))(!(uid=2*))(!(uid=3*)).....)
works, but there must be a more elegant way to do this....right?
Best regards, Florian Götz
---------------------------------------------------------------------------------------- Dipl.-Inf. (FH) Florian Götz Rechenzentrum Hochschule Mannheim Paul-Wittsack-Straße 10 68163 Mannheim Tel: 0621/292-6232
EMail: f.goetz@hs-mannheim.de Internet: http://www.rz.hs-mannheim.de
-----
On 30/09/2009 08:48, Florian Götz wrote:
Hi everbody,
I tried to create a dynamic group with dynlist and got a problem with a search filter. I searched the net for a solution, but found nothing that fits.
I want to collect all people thet have a common attribute (attributA=X), but only people that have a uid that isn´t a number.
We got people with uids similar to their last name (Meier, Müller, Schmidt) and Users that got a number as uid (123456). I tried a filter like:
ldap:///ou=users,dc=example,dc=de?uid?sub?(&(attributeA=X)(!(uid=[0-9]*)))
That looks like regexp syntax, which isn't part of LDAP filters.
but that doesn´t work. A solution like:
ldap:///ou=users,dc=example,dc=de?uid?sub?(&(attributeA=X)(!(uid=0*))(! (uid=1*))(!(uid=2*))(!(uid=3*)).....)
works, but there must be a more elegant way to do this....right?
Well, the uid attribute uses a string syntax. So to the LDAP server, there is no distinction between uids that are numbers or not, they're all strings to the server. So, the short answer is no.
The slightly longer one is that theoretically you could use a special matching rule that only matched integers, I guess... But that really is a lot more complicated than your suggested solution.
Looking at the question in a broader light, I might ask why you store two different types of UID in the same attribute? Would it not make more sense to store numeric UIDs in another attribute, such as uidNumber, for example?
Regards, Jonathan
openldap-technical@openldap.org