[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapsearch client] pb with a filter





Pierangelo Masarati wrote:
Helene.Lastennet@alcatel.fr wrote:

Hi,

I try to make a ldapsearch from a specific filter (using cf. RFC1558) and it doesn't work ...
Can you help me about it ?
Here are the information to describe the context:

*1. **ldapsearch **command:*

[root@devums openldap]#* ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn*
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#

# search result
search: 2
result: 0 Success
# numResponses: 1
[root@devums openldap]#

*2. sample of the ldif file:*

dn: ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: INDEXES

dn: ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou:weblogin

dn: ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: range00

dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectClass: commonuser
objectClass: indexnode
*weblogin: +33299879654*
cn: +33299879654
accountStatus: 1
host: devums
*refdn: uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,
 c=fr*

*3. 'refdn' attribute syntax in openldap schema:*

Attributetype ( 1.3.6.1.4.1.6287.300.1.68 NAME 'refdn'
        DESC 'referral information'
        *SYNTAX 1.3.6.1.4.1.1466.115.121.1.12*
        SINGLE-VALUE )

add "EQUALITY distinguishedNameMatch" to the definition of refdn.

p.


I added "EQUALITY distinguishedNameMatch" to the definition of refdn in my ldap schema
I restarted + populated again openldap

STEP 1: test KO

I executed again my ldapsearch in adding (according to the "RFC 2254 - The String Representation of LDAP Search Filters") in  front of the '\' character of the filter the code '5c',
but it's always KO!
Note : in fact, initially uid =20041220092234505+33299879650, so it contains a + character and according to the dn encoding format the uid becomes "20041220092234505\2B33299879650"
and according to the filter encoding format the uid becomes "20041220092234505\5c2B33299879650"

KO ldapsearch Example:
[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=20041216142823992\5c2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=
200412161428239925c2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#
# search result
search: 2
result: 0 Success
# numResponses: 1
[root@devums]#


STEP 2: test OK

But I made a new test after having modified the uid value in database:
I removed the \ character from the uid  (which is not correct and possible for our application)
So the dn entry becomes in database:
dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectClass: commonuser
objectClass: indexnode
weblogin: +33299879654
cn: +33299879654
accountStatus: 1
host: devums
refdn: uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,
 c=fr

Then I executed my ldapsearch and it works : my entry is found:
[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#

# \2B33299879654, range00, weblogin, INDEXES, alcatel, fr
dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@devums]#


Please do you have an idea about this problem ?
How doing to convert correctly \2B in the filter encoding format ??

Helene