[Date Prev][Date Next] [Chronological] [Thread] [Top]

Problems with greaterOrEqual/lessOrEqual


I am new to this list and I realize that I might be asking a FAQ-class
question. I am also pretty new to LDAP. Anyway, here I go:

I have been utterly unsuccessful in performing LDAP searches with search
filters that use lessOrEqual/greaterOrEqual. For example, I am working on
an LDAP-based solution to store user and group information and use the
posixAccount and posixGroup (among other) object classes and would like to
have some application fetch a number of entries based on a range og
uidNumbers or gidNumbers. No luck...

Consider the following search:

ldapsearch -LLL  -H ldaps://test.roxen.com/ -b 'dc=roxen,dc=com' \
'(& (objectclass=posixGroup) \
(| (gidNumber=1004) (gidNumber=1005) (gidNumber=1006)))'

dn: cn=lars, ou=Groups, dc=roxen, dc=com
cn: lars
memberUid: lars
objectClass: posixGroup
gidNumber: 1004

dn: cn=morre, ou=Groups, dc=roxen, dc=com
cn: morre
memberUid: morre
objectClass: posixGroup
gidNumber: 1006

dn: cn=mirar, ou=Groups, dc=roxen, dc=com
cn: mirar
memberUid: mirar
objectClass: posixGroup
gidNumber: 1005

OK, so now I know that gidNumber's 1004-1005 are assigned. Now I would
like to search for gidNumber 1004-1005. I _believe_ this is how that might
be done:

ldapsearch -LLL  -H ldaps://test.roxen.com/ -b 'dc=roxen,dc=com' \
'(& (objectclass=posixGroup) (gidNumber>=1004) (gidNumber<=1006))'

This returns absolutely nothing. Am I assuming something about LDAP that I
shouldn't?  The software in question is OpenLDAP 2.0.17.


Erik Persson, System Manager            <erik@roxen.com>
Roxen Internet Software                 Voice:  +46 13 376817