changed notes changed state Open to Closed
Full_Name: Even Holen Version: 1.2.7 OS: A lot... URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (129.241.92.103) When using the client tool ldapsearch, I've noticed that it always prints the 'dn' field. (The function is located in clients/tools/ldapsearch.c, the print_entry functions and is like: if ( ldif ) { write_ldif_value( "dn", dn, strlen( dn )); } else { printf( "%s\n", dn ); } ) In my opinion there should be an option not to display this field. An example to prove my point: If I want to use ldapsearch to locate a mail-adress I need to do something like: ldapsearch -h somewhere -b "o=ntnu,c=no" -s sub "uid=evenh" mail | tail -1 And to make it even easier to do such a search I would suggest an option to return only the _values_. You've got an option for only attributes, but not for only values. In other words I would like my example to be something like: ldapsearch -N -V -h somewhere -b "o=ntnu,c=no" -s sub "uid=evenh" mail which would return, say: evenh+ldap@pvv.ntnu.no instead of: uid=evenh, o=ntnu, c=no mail=evenh+ldap@pvv.ntnu.no The extra options are: -V retrieve values only (no attribute names) -N No display of dn-field Regards, Even Holen
At 08:22 PM 3/17/00 GMT, evenh+ldap@pvv.ntnu.no wrote: >Full_Name: Even Holen >Version: 1.2.7 >OS: A lot... >URL: ftp://ftp.openldap.org/incoming/ >Submission from: (NULL) (129.241.92.103) > > >When using the client tool ldapsearch, I've noticed that it always prints the >'dn' field. Yes, becauses returning entries always contain a DN. >And to make it even easier to do such a search I would suggest an option to >return only the _values_. As there is no such protocol option, I don't think the command should have such an option. ldapsearch is meant to relate to the LDAP search operation. >You've got an option for only attributes, but not for only values. Note that that option is a protocol request option: -A retrieve attribute names only (no values) and not an output processing option. >In other words I would like my example to be something like: > ldapsearch -N -V -h somewhere -b "o=ntnu,c=no" -s sub "uid=evenh" mail >which would return, say: evenh+ldap@pvv.ntnu.no >instead of: > uid=evenh, o=ntnu, c=no > mail=evenh+ldap@pvv.ntnu.no A value is meaningless without knowing the attribute type. If the server supports subtyping (OpenLDAP 1.x doesn't, but others do), a search (not I'll use LDIF output for clarity): ldapsearch -F -h somewhere -b "o=ntnu,c=no" -s sub "uid=evenh" mail dn: uid=evenh, o=ntnu, c=no mail-subtype: pvv.ntnu.no!evenh+ldap dn: cn=xyz, o=ntnu, c=no The output demonstrates that the search could return multiple entries (any in the scope that match the filter), that subtypes of the attribute mail may be returned, that entries that do not contain the type be returned. As such, I believe that processing of returned results is best left to other programs.
On Fri, Mar 17, 2000 at 02:06:50PM -0800, Kurt D. Zeilenga wrote: > At 08:22 PM 3/17/00 GMT, evenh+ldap@pvv.ntnu.no wrote: > >When using the client tool ldapsearch, I've noticed that it always prints the > >'dn' field. > > Yes, becauses returning entries always contain a DN. But does this need to be displayed? > >And to make it even easier to do such a search I would suggest an option to > >return only the _values_. > > As there is no such protocol option, I don't think the command should > have such an option. ldapsearch is meant to relate to the LDAP search > operation. That I understand, but I still believe that some people want the functionality I ask. Do you think the openldap-project at some point will include a script/program which returns output without DN and maybe with only values? Maybe I'm missing something obvious here, but I really would like to have a program which could ask a ldap-server and where I could use the response directly in my mail-program, or where the response is just what I asked for and not a lot more... Regards, Even Holen -- <>< Even Holen, evenh@pvv.ntnu.no, http://www.pvv.ntnu.no/~evenh/ :-)
At 11:25 PM 3/17/00 +0100, Even Holen wrote: >On Fri, Mar 17, 2000 at 02:06:50PM -0800, Kurt D. Zeilenga wrote: >> At 08:22 PM 3/17/00 GMT, evenh+ldap@pvv.ntnu.no wrote: >> >When using the client tool ldapsearch, I've noticed that it always prints the >> >'dn' field. >> >> Yes, becauses returning entries always contain a DN. > >But does this need to be displayed? Both supported output formats (LDIF and "alternative") require thatentries include their DN. >> >And to make it even easier to do such a search I would suggest an option to >> >return only the _values_. >> >> As there is no such protocol option, I don't think the command should >> have such an option. ldapsearch is meant to relate to the LDAP search >> operation. > >That I understand, but I still believe that some people want the >functionality I ask. That's true for most anything. >Do you think the openldap-project at some point >will include a script/program which returns output without DN and maybe >with only values? If later version of LDIF support such, yes. >Maybe I'm missing something obvious here I think you are missing the intended purpose of ldapsearch. It is intended to provide a command line interface to ldap_search(), which is an interface to the LDAP search operation. Processing of the results are left to the caller. Kurt
requested options not supported by protocol, should be handled external to tool.