On Thursday 01 November 2001 13:17, you wrote:
> > >I would like to use a filter on "dn" with ldapsearch.
> > >like '(dn=*toto*)' Is it possible ?
> Although in principle this should not be so easy to implement, as substring
> match in DNs could be allowed only for those attribute values that have
> substring match in their definition, this feature could be useful.
> Has there ever been any attempt to consider it in the LDAP specification, or
> did anybody show any interest in it?
RFC2254's extensible matching may be what you want.
It allows creating filters that consider DN parts as some kind of "virtual"
attributes of objects.
Here's the interesting part from the RFC:
The following examples illustrate the use of extensible matching.

The second example illustrates the use of the ":dn" notation to
indicate that matching rule "18.104.22.168.10" should be used when making
comparisons, and that the attributes of an entry's distinguished name
should be considered part of the entry when evaluating the match.

The third example denotes an equality match, except that DN
components should be considered part of the entry when doing the

The fourth example is a filter that should be applied to any
attribute supporting the matching rule given (since the attr has been
left off). Attributes supporting the matching rule contained in the
DN should also be considered.
I do not know whether it is implemented (in full or partially) in OpenLDAP
(or another LDAP server) or how hard it is to implement it.
Peter Marschall | eMail: firstname.lastname@example.org
Scheffelstraße 15 | email@example.com
97072 Würzburg | Tel: 0931/14721
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28 35
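
The ":dn" behaviour described in the RFC excerpt above, as an added sketch that is not part of the original message and not any server's code: it parses one extensible-match item and evaluates it against an entry, with and without the DN's attributes. The sample entry, the simplified DN splitting, and the use of caseIgnoreMatch as the only known rule are assumptions made for the example.

```python
import re

# Extensible-match item from RFC 2254: attr [":dn"] [":" rule] ":=" value,
# or with the attribute left off:      [":dn"] ":" rule ":=" value
EXT = re.compile(r"^\((?P<attr>[A-Za-z][\w;-]*)?(?P<dn>:dn)?"
                 r"(?::(?P<rule>[\w.-]+))?:=(?P<value>[^()]*)\)$")

# Assumption: the only rule this sketch knows is caseIgnoreMatch (2.5.13.2),
# and it is also used when the filter names no rule.
KNOWN_RULES = {None, "caseIgnoreMatch", "2.5.13.2"}

def parse_ext(filter_str):
    m = EXT.match(filter_str)
    if not m or (m["attr"] is None and m["rule"] is None):
        raise ValueError("not an extensible-match item: %r" % filter_str)
    return m["attr"], m["dn"] is not None, m["rule"], m["value"]

def dn_attributes(dn):
    """Split a DN into (type, value) pairs; simplified, only handles '\\,' escapes."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        for ava in rdn.split("+"):          # multi-valued RDN
            typ, _, val = ava.partition("=")
            pairs.append((typ.strip().lower(), val.strip().replace("\\,", ",")))
    return pairs

def ext_match(filter_str, dn, attrs):
    """True/False, or None when the rule is unknown (result undefined)."""
    attr, use_dn, rule, value = parse_ext(filter_str)
    if rule not in KNOWN_RULES:
        return None
    candidates = [(k.lower(), v) for k, vals in attrs.items() for v in vals]
    if use_dn:                               # ":dn" adds the DN's attributes
        candidates += dn_attributes(dn)
    want = attr.lower() if attr else None    # no attr: any attribute qualifies
    return any((want is None or k == want) and v.lower() == value.lower()
               for k, v in candidates)

# Constructed sample entry (not from the original message).
DN = "cn=Jane Doe,ou=toto,dc=example,dc=com"
ENTRY = {"cn": ["Jane Doe"], "sn": ["Doe"], "objectClass": ["person"]}
```

With this entry, `(ou:=toto)` does not match because `ou` appears only in the DN, while `(ou:dn:=toto)` does.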