[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Too many candidates on ldapsearch

Hi Quanah,

Even though this might really be a LDBM vs BDB issue, I'm still not convinced... :)

If I try something like this :

ldapsearch "(&(givenName=marc)(sn=gaudreau)(uidNumber=999999))"
ldapsearch "(&(cn=marc)(uidNumber=999999))"

I also immediatlely get nothing back (add a star after "marc" and I get the correct entry in both cases).

I did a little bit more research on this and here is what I found so far...

The problem seems to happen whenever these conditions are met :

1- The search filter tries an exact match on an attribute for "x" and there exists at least one entry in the directory where the attribute is "x-something".
2- The search filter contains at least one condition that is met by a lot of entries.
3- The order in which the filter is built seems to matter.

However, it seems to happen pretty much all the time for "givenName" and "sn" but I did not find any problems with the "cn" attribute...

Here are some further examples of working and non-working search filters :

For these examples, let's say we have these entries in the directory :

givenName: Marc-Andre
sn: Gaudreau

givenName: Marc
sn: Smith

givenName: Quanah
sn: Gibson-Mount

givenName: Joe
sn: Gibson

and a few thousand more...  :)

Working filters :

(&(cn=marc)(objectClass=person)) => ("cn" seems to be ok...)
(&(objectClass=person)(givenName=marc)(sn=gaudreau)) => (because the objectClass condition is before everything else, this works fine)

Non-working filters :

(&(givenName=marc)(sn=gaudreau)(objectClass=person)) => (this time the objectClass condition is at the end and this does not work)
(&(givenName=quanah)(sn=gibson)(objectClass=person)) => (same problem but with "sn" instead)
(&(givenName=joe)(sn=gibson)(objectClass=person)) => (this still does not work because of the "Gibson-Mount" entry)

Thanks again for your help (please tell me if I could post any other usefull info).

Quanah Gibson-Mount wrote:

Hi Marc,

I think this might be specific to the LDBM backend. With my BDB database, when I do a query like this:

ldsearch "(&(cn=Joe)(suptsuid=6199))"

I immediately get nothing back (Note that I changed the real name, which has a hyphenated entry to protect that person's identity.)

When I do:
ldsearch "(&(cn=Joe*)(suptsuid=6199))"

I get the correct entry.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html