
RE: Resolving groups (neophyte question)



I tried this and it doesn't work with the version of OpenLDAP
I'm running (1.2 I think) or with Netscape's Directory Server 4.0.
I really don't think even if it worked that you'd save anything over
using:

ldapsearch -b 'uid=bryan,ou=People,o=mirapoint.com' -s base objectclass=*

since the database is indexed by dn, this will effectively "search" one
entry, and return it.


-----Original Message-----
From: Jeff Clowser [mailto:jclowser@aerotek.com]
Sent: Tuesday, June 08, 1999 10:24 AM
To: Philip A. Prindeville
Cc: openldap-general@OpenLDAP.org
Subject: Re: Resolving groups (neophyte question)


Try this: 
ldapsearch -v -L -s sub  -b 'o=mirapoint.com' -h ugh 'dn=uid=bryan,ou=People, o=mirapoint.com'
(Note the dn=uid=...) 
Probably a more efficient way would be to make the scope 
same (-s same?) and the base dn be your members dn 
(i.e. -b 'uid=bryan,ou=People, o=mirapoint.com') and 
your filter (objectclass=*) or (objectclass=inetorgperson) or 
whatever is appropriate). 
-Jeff 
  
  
"Philip A. Prindeville" wrote: 
Mark Wilcox wrote: 
> 
> Hi, 
> try a filter like this 
> (uniquemember=uid=bryan*) 
> 
> btw inetOrgperson is a standard object class. 
> 
> Mark 
You've misunderstood what I was trying to do.  I've already 
gotten the uniquemember attributes of a group.  Now I want to 
search the directory for those person (or whatever subclass) 
records that I got back in the original query. 
My question is, given that the 'uniquemember' field supposedly 
contains a DN, why can't I search based on that value (as a 
filter)? 
-Philip 
> -----Original Message----- 
> From: Philip A. Prindeville <philipp@mirapoint.com> 
> To: openldap-general@OpenLDAP.org <openldap-general@OpenLDAP.org> 
> Date: Monday, June 07, 1999 6:19 PM 
> Subject: Resolving groups (neophyte question) 
> 
> >I have a question regarding resolving lists (groups).  If I have a group
> >that looks like:
> > 
> >% ldapsearch -v -L -s sub -b 'o=mirapoint.com' -h ugh "cn=Software Engineers"
> >ldap_init( ugh, 0 ) 
> >filter pattern: cn=Software Engineers 
> >returning: ALL 
> >filter is: (cn=Software Engineers) 
> >dn: cn=Software Engineers,ou=Groups, o=mirapoint.com 
> >objectclass: top 
> >objectclass: groupofuniquenames 
> >cn: Software Engineers 
> >creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
> >createtimestamp: 19990603220646Z 
> >uniquemember: uid=bryan,ou=People, o=mirapoint.com 
> >uniquemember: uid=philipp,ou=People, o=mirapoint.com 
> >uniquemember: uid=btaylor,ou=People, o=mirapoint.com 
> >description: Hackers 
> >modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
> >modifytimestamp: 19990603220951Z 
> >1 matches 
> > 
> >and I try to search on the returned DNs in the uniquemember attribute
> >field, then the search always fails:
> > 
> >ldapsearch -v -L -s sub -D 'cn=Directory Manager' -w 'directory' -b 'o=mirapoint.com' -h ugh 'uid=bryan,ou=People,o=mirapoint.com'
> >putois% ldapsearch -v -L -s sub  -b 'o=mirapoint.com' -h ugh 'uid=bryan,ou=People, o=mirapoint.com'
> >ldap_init( ugh, 0 ) 
> >filter pattern: uid=bryan,ou=People,o=mirapoint.com 
> >returning: ALL 
> >filter is: (uid=bryan,ou=People,o=mirapoint.com) 
> >0 matches 
> > 
> >But if I search on just "uid=bryan" then it finds the person record just
> >fine.  Actually it's an inetOrgPerson since I'm using the Netscape
> >directory server.
> > 
> >No doubt I'm missing something obvious.  I just don't know what. 
> > 
> >Someone want to help me out here? 
> > 
> >Thanks, 
> > 
> >-Philip 
> > 
> > 
> > 
> >
-- 
 Jeff Clowser               
 mailto:jclowser@aerotek.com       Hanover MD  21076 USA
 Phone: (410)-579-4328             7312 Parkway Drive
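
The difference between the failing search and the base-scope read discussed in this thread, as an added example that is not from any of the posters: a filter is split into attribute and value at the first '=', so a whole DN passed as a filter asks for a uid whose value is "bryan,ou=People,o=mirapoint.com", while a base-scope read names the entry directly. The in-memory directory, the function names, the simplified DN normalization and the missing btaylor entry are constructed assumptions; this is a model, not an LDAP client.

```python
# Constructed in-memory model of the directory shown in the thread.
# Assumption: DNs compare case-insensitively and contain no escaped commas.
def norm_dn(dn):
    """Normalize a DN for comparison: trim spaces around each RDN, lowercase."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

# btaylor is deliberately left without an entry (constructed) to show a
# dangling uniquemember reference.
DIRECTORY = {norm_dn(dn): attrs for dn, attrs in {
    "cn=Software Engineers,ou=Groups, o=mirapoint.com": {
        "objectclass": ["top", "groupofuniquenames"],
        "cn": ["Software Engineers"],
        "uniquemember": ["uid=bryan,ou=People, o=mirapoint.com",
                         "uid=philipp,ou=People, o=mirapoint.com",
                         "uid=btaylor,ou=People, o=mirapoint.com"]},
    "uid=bryan,ou=People,o=mirapoint.com": {"objectclass": ["inetorgperson"], "uid": ["bryan"]},
    "uid=philipp,ou=People,o=mirapoint.com": {"objectclass": ["inetorgperson"], "uid": ["philipp"]},
}.items()}

def parse_filter(flt):
    """Split a simple equality filter at the FIRST '=': attribute, then value."""
    attr, _, value = flt.strip("()").partition("=")
    return attr.lower(), value

def matches(attrs, flt):
    attr, value = parse_filter(flt)
    if value == "*":  # presence filter such as objectclass=*
        return attr in attrs
    return any(v.lower() == value.lower() for v in attrs.get(attr, []))

def search(base, scope, flt):
    """scope 'base' reads only the entry named by base; 'sub' walks the subtree."""
    base = norm_dn(base)
    if scope == "base":
        candidates = [base] if base in DIRECTORY else []
    else:
        candidates = [dn for dn in DIRECTORY if dn == base or dn.endswith("," + base)]
    return [dn for dn in candidates if matches(DIRECTORY[dn], flt)]

def resolve_group(group_dn):
    """Return (resolved member DNs, dangling member DNs) for a group entry."""
    resolved, dangling = [], []
    for member in DIRECTORY[norm_dn(group_dn)].get("uniquemember", []):
        hit = search(member, "base", "objectclass=*")  # one read per member DN
        (resolved if hit else dangling).append(norm_dn(member))
    return resolved, dangling
```

Code that derives access decisions from group membership should treat the dangling list as an error condition and not skip it silently.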