[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch question

To: FM <dist-list@LEXUM.UMontreal.CA>
Subject: Re: ldapsearch question
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 16 Mar 2005 00:33:32 +0100
Cc: OpenLDAP-Software <openldap-software@OpenLDAP.org>
In-reply-to: <423768B3.5080809@lexum.umontreal.ca>
References: <423768B3.5080809@lexum.umontreal.ca>

FM writes:
> I tried google first but looking for stuff like >= is not working ..at
> all :)
>
> I creating a script to add posixuser, with ldapsearch, how can I find
> uidnumber > 1000 ?

You can't, because uidNumber has no ORDERING matching rule.

Also note that indexing for ORDERING is not supported, so the search has
to examine every entry in the search scope.

The right fix for the first problem is to create your own attribute -
maybe a subtype of uidNumber - and use that instead.

If that's not feasible, an uglier workaround is to maintain a private
copy of etc/openldap/schema/nis.schema where you insert 'ORDERING
integerOrderingMatch' after uidNumber's EQUALITY matching rule, and
then check if the standard nis.schema has changed whenever you upgrade
OpenLDAP.  You may someday get a schema conflict with an application
or server which knows uidNumber's correct definition, but probably not.

-- 
Hallvard

Follow-Ups:
- Re: ldapsearch question
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- ldapsearch question
  - From: FM <dist-list@LEXUM.UMontreal.CA>

Prev by Date: ldapsearch question
Next by Date: Re: ldapsearch question
Index(es):
- Chronological
- Thread