[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch


On Thursday 01 November 2001 13:17, you wrote:
> > >I would like to use a filter on "dn" with ldapsearch.
> > >like '(dn=*toto*)'  Is it possible ?
> Although in principle this should not be so easy to implement, as substring
> match in DNs could be allowed only for those attribute values that have
> substring mathc in their definition, this feature could be useful.
> Has ever been any attempt to consider it in LDAP specification, or did
> anybody show any interest on it?

RFC2254's extensible matching may be what you want.

It allows to create filters that consider DN parts as some kind of "virtual" 
attributes of objects

Here's the interesting part from the RFC

  The following examples illustrate the use of extensible matching.

        (cn: Flintstone)
        (sn:dn: Rubble)
        (o:dn:=Ace Industry)

   The second example illustrates the use of the ":dn" notation to
   indicate that matching rule "" should be used when making
   comparisons, and that the attributes of an entry's distinguished name
   should be considered part of the entry when evaluating the match.

   The third example denotes an equality match, except that DN
   components should be considered part of the entry when doing the

   The fourth example is a filter that should be applied to any
   attribute supporting the matching rule given (since the attr has been
   left off). Attributes supporting the matching rule contained in the
   DN should also be considered.

I do not know whether it is implemented (in full or partially) in OpenLDAP
(or another LDAP server) or how hard it is to implement it.


Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35