Re: Question on Extensible Match Filter

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 10:02 AM 2/10/00 -0500, Mcauliffe, Kristin wrote:
>I am working on LDAP v3 Search filters and cannot seem to get a return from
>the DS servers (Netscape, Novell NDS and MS AD) that I am testing using the
>Extensible Match string.

I suggest you request help on a forum specific to the implementation
of LDAPv3 you are using.

>I am following the definition identified in
>RFC2254 and those identified in Chapter 3 of "Understanding and Deploying
>LDAP DS" (and the examples).  I have used both the assertion syntax and the
>value syntax. 
>
>The results received are:  
>
>Bind operation successful.
>ldap_search_s:  Protocol error 
>ldap_search_s:  additional info: Bad search filter

Looks like you sent the filter to an LDAPv2 server.  An LDAPv3
should not have returned a protocol error just because it
doesn't recognize extended search filter or other filter details.

RFC 2251:
     A filter item evaluates to Undefined when the server would not
     be able to determine whether the assertion value matches an
     entry.  If an attribute description in an equalityMatch, substrings,
     greaterOrEqual, lessOrEqual, approxMatch or extensibleMatch
     filter is not recognized by the server, a matching rule id in the
     extensibleMatch is not recognized by the server, the assertion
     value cannot be parsed, or the type of filtering requested is not
     implemented, then the filter is Undefined. 


I suggest contacting your server vendor.  Be sure to provide
the exact search filter specified and other detail likely to
assist the vendor in helping you.

Kurt