[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Too many candidates on ldapsearch

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Too many candidates on ldapsearch
From: Marc-Andre Gaudreau <Marc-Andre.Gaudreau@USherbrooke.ca>
Date: Mon, 02 Feb 2004 11:36:29 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <341541440.1075471327@cadabra.stanford.edu>
References: <4016AF10.50905@USherbrooke.ca> <71304430.1075201084@cadabra.stanford.edu> <401A732D.4080304@USherbrooke.ca> <341541440.1075471327@cadabra.stanford.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Hi Quanah,

Even though this might really be a LDBM vs BDB issue, I'm still not convinced... :)

If I try something like this :

ldapsearch "(&(givenName=marc)(sn=gaudreau)(uidNumber=999999))"
or
ldapsearch "(&(cn=marc)(uidNumber=999999))"

I also immediatlely get nothing back (add a star after "marc" and I get the correct entry in both cases).

I did a little bit more research on this and here is what I found so far...

The problem seems to happen whenever these conditions are met :

1- The search filter tries an exact match on an attribute for "x" and there exists at least one entry in the directory where the attribute is "x-something". 2- The search filter contains at least one condition that is met by a lot of entries. 3- The order in which the filter is built seems to matter.

However, it seems to happen pretty much all the time for "givenName" and "sn" but I did not find any problems with the "cn" attribute...

Here are some further examples of working and non-working search filters :

For these examples, let's say we have these entries in the directory :

givenName: Marc-Andre
sn: Gaudreau

givenName: Marc
sn: Smith

givenName: Quanah
sn: Gibson-Mount

givenName: Joe
sn: Gibson

and a few thousand more...  :)

Working filters :

(cn=marc) (&(cn=marc)(objectClass=person)) => ("cn" seems to be ok...) (&(givenName=marc)(sn=gaudreau)) (&(objectClass=person)(givenName=marc)(sn=gaudreau)) => (because the objectClass condition is before everything else, this works fine)

Non-working filters :

(&(givenName=marc)(sn=gaudreau)(objectClass=person)) => (this time the objectClass condition is at the end and this does not work) (&(givenName=quanah)(sn=gibson)(objectClass=person)) => (same problem but with "sn" instead) (&(givenName=joe)(sn=gibson)(objectClass=person)) => (this still does not work because of the "Gibson-Mount" entry) (&(givenName=joe*)(sn=gibson)(objectClass=person)) (&(givenName=marc)(sn=smith)(anythingReturningALotOfCandidates))

Thanks again for your help (please tell me if I could post any other usefull info).

Quanah Gibson-Mount wrote:

Hi Marc,
I think this might be specific to the LDBM backend. With my BDB database, when I do a query like this:
ldsearch "(&(cn=Joe)(suptsuid=6199))"
I immediately get nothing back (Note that I changed the real name, which has a hyphenated entry to protect that person's identity.)
When I do:
ldsearch "(&(cn=Joe*)(suptsuid=6199))"
I get the correct entry.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Too many candidates on ldapsearch
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: MIT Kerberos v5 and OpenLDAP
Next by Date: cn=Monitor no information
Index(es):
- Chronological
- Thread