[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Extensible Match Filters

To: Brent Holland <brent.holland@openwave.com>
Subject: Re: Extensible Match Filters
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 07 Feb 2001 17:53:35 -0800
Cc: ietf-ldapext@netscape.com
In-reply-to: <a05010405b6a4d577d16d@[10.0.1.201]>

At 02:21 PM 2/5/01 -0800, Brent Holland wrote:
>Is is possible for a LDAPV3 extensible match filter to contain an assertion value with Substring Assertion syntax in the form:
>
>    ldapsearch (attr:dn:1.2.3.4.5.6.7:=*foo*bar*)
>
>The RFC's seem to be in conflict on this type of value production in the extensible filter:  reference section 4.5.1 of RFC 2251, section 4 of RFC 2254, and section 8.3 of RFC 2252.

The above filter is illegal.  If value contains '*', it must
be escaped.  For example, to test for Kurt*Zeilenga in the
common name:
    (cn:dn:1.3.6.1.4.1.1466.115.121.1.58:=foo\2Abar)

Note that if you wanted to search the any substring "foo*bar"
you'd have to do:
    (cn:dn:1.3.6.1.4.1.1466.115.121.1.58:=\2Afoo\5C2Abar\2A)

Note the "*" in the substring must be escaped per
RFC 2252, 8.2 / 4.3 when producing substring value "*foo\2Abar*"
and then this escaped per RFC2254, 4.

Kurt

Follow-Ups:
- RE: Extensible Match Filters
  - From: "Steven Legg" <steven.legg@adacel.com.au>

References:
- Extensible Match Filters
  - From: Brent Holland <brent.holland@openwave.com>

Prev by Date: Re: dnAttribute Processing in Extensible Match Filters
Next by Date: RE: Extensible Match Filters
Index(es):
- Chronological
- Thread