Re: LDAP Search: If filter contains nonexistant attribute, entry will not be returned as a 'hit'

["Pierangelo Masarati" <ando@sys-net.it>]

> Hello,
>
> I'm using openLDAP and I'm attempting to search with a filter like the
> following:
>
> In English:
>    Find all entries whose "objectClass" is "person", has an email
> address, and one of the following attributes contains "jere": sn, cn,
> blahblah.
>
> In LDAP Filter language:
>    (&(objectClass=person)(|(sn=*jere*)(cn=*jere*)(blahblah=*jere*))(mail=*))
>
> My problem is that if a particular entry does not contain each
> attribute (sn, cn, and blahblah) they will not get returned as a hit.
> The attribute "blahblah" is obviously a nonexistent attribute, but
> being inside an "OR" parenthesis group I would assume that wouldn't
> matter.

Your assumption is in contrast with the specifications of an LDAP filter. 
If "blahblah" is unknown to the DSA (i.e. it does not have a schema
specification), then the __entire__ OR filter evaluates to UNDEFINED,
according to draft-ietf-ldapbis-protocol.

>
> I desire to search many entries in my LDAP for a particular "search
> keyword", and I want to search a couple possible attributes for that
> "search keyword". I would think if an entry's "sn" attribute contained
> "jere" but it didn't have a "cn" or "blahblah" attribute, it would
> still get returned as a "hit". This is not the case.
>
> Is there a problem with my search filter? Is there another way to
> accomplish what I'm wanting here? Any help would be appreciated.

See above.  Note that one means to determine if "blahblah" is supported is
to look at the subschema subentry.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497