[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Too many candidates on ldapsearch

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Too many candidates on ldapsearch
From: Marc-Andre Gaudreau <Marc-Andre.Gaudreau@USherbrooke.ca>
Date: Tue, 03 Feb 2004 09:29:33 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <14825858.1075739964@cadabra.stanford.edu>
References: <4016AF10.50905@USherbrooke.ca> <71304430.1075201084@cadabra.stanford.edu> <401A732D.4080304@USherbrooke.ca> <341541440.1075471327@cadabra.stanford.edu> <401E7C8D.5090809@USherbrooke.ca> <14825858.1075739964@cadabra.stanford.edu>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Hi Quanah,

Actually, the filter in your example would also work here. Like I said I did not find a non-working example with the "cn" attribute. If your directory maintains the "givenName" and "sn" attributes, it would be interresting to see if something like "(&(givenName=gibson)(cn=brown)(objectclass=posixaccount))" works (that is assuming there is a "gibson-gibson brown" but NO "gibson brown" in your directory).

Quanah Gibson-Mount wrote:

--On Monday, February 02, 2004 11:36 AM -0500 Marc-Andre Gaudreau <Marc-Andre.Gaudreau@USherbrooke.ca> wrote:
Working filters :
(cn=marc)
(&(cn=marc)(objectClass=person))  =>  ("cn" seems to be ok...)
(&(givenName=marc)(sn=gaudreau))
(&(objectClass=person)(givenName=marc)(sn=gaudreau))  => (because the
objectClass condition is before everything else, this works fine)
Non-working filters :
(&(givenName=marc)(sn=gaudreau)(objectClass=person))  => (this time the
objectClass condition is at the end and this does not work)
(&(givenName=quanah)(sn=gibson)(objectClass=person))  => (same problem
but with "sn" instead)
(&(givenName=joe)(sn=gibson)(objectClass=person))  => (this still does
not work because of the "Gibson-Mount" entry)
(&(givenName=joe*)(sn=gibson)(objectClass=person))
(&(givenName=marc)(sn=smith)(anythingReturningALotOfCandidates))
Hi Marc,
I still am unable to recreate this behavior. I've done the following search:
"(&(suafsstatus=active)(cn=gibson)(objectclass=posixaccount))"
And it immediately returns with nothing, where suafsstatus=active is an index that has thousands of matches, and objectclass=posixaccount also returns thousands of matches. "cn=gibson" is a cn entry with the first bit hyphenated (like cn=gibson-gibson brown).

Changing it go (cn=gibson*) correctly returns with a number of matching entries.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: Too many candidates on ldapsearch
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Re: Too many candidates on ldapsearch
  - From: Marc-Andre Gaudreau <Marc-Andre.Gaudreau@USherbrooke.ca>
- Re: Too many candidates on ldapsearch
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: LDap based automounts and Mac OS X.
Next by Date: Re: cn=Monitor no information
Index(es):
- Chronological
- Thread