[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: entryDN attribute / index (from iPlanet)

To: openldap-software@OpenLDAP.org
Subject: Re: entryDN attribute / index (from iPlanet)
From: Matthew Backes <mbackes@symas.com>
Date: Wed, 4 Aug 2004 23:20:36 -0700
Cc: Kornelis Sietsma <korny@sietsma.com>
In-reply-to: <4111C514.4020703@sietsma.com>
Organization: Symas
References: <4111C514.4020703@sietsma.com>

> The first problem I've met is that iPlanet seems to define a magic
> attribute "entryDN" for each directory entry.  The iPlanet docs list
> this as a "System index" that indexes the dns of each entry quickly.

> Our application does searches like :
>   "entryDn=cn=mygroup,ou=groups,o=mycustomer"

The search operation can use a scope of base, one, or subtree, and
position the root of this search at any point in the DIT.  Since you
have the DN of the object in question, why search the entire database
for it?  The common methodology would be to search like:

ldapsearch -x \
        -b cn=mygroup,ou=groups,o=mycustomer \
        -s base \
        '(objectclass=*)'

This method has the advantage of working unmodified on any
standards-compliant directory server.  (And most of the non-compliant
ones...)

If you can use base and scope to eliminate your need for an attribute
with the dn, you will likely also find it easier to port to other
directory servers.

Matthew Backes
mbackes@symas.com

References:
- entryDN attribute / index (from iPlanet)
  - From: Kornelis Sietsma <korny@sietsma.com>

Prev by Date: entryDN attribute / index (from iPlanet)
Next by Date: lockoutTime
Index(es):
- Chronological
- Thread