[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searching without matching derived attributes

--On Monday, May 09, 2005 11:47 AM -0500 Digant C Kasundra <digant@uta.edu> wrote:

Hello everyone,

I have a feeling this may not actually be an error of sorts, and with
smart applications, this shouldn't even be a usability issue.
Nevertheless, I have an application (HP 9100c Digital Sender) that
searches OpenLDAP directory for a mail attribute associated with an
account.  Unfortunately, when it does its search, it gets back the mail
attribute, and the utaMailAlias attribute because utaMailAlias is
derived from mail:

# utaMailAlias -- email alias value
attributetype ( NAME 'utaMailAlias'
	DESC 'Email alias'
	SUP mail)

The attribute I am wanting is only mail, but OpenLDAP will return both
mail and utaMailAlias.

ldapsearch -H "ldaps://HOSTNAME" -b "cn=accounts,dc=uta,dc=edu"
"(uid=digant)" mail

# digant, accounts, uta, edu
dn: uid=digant,cn=accounts,dc=uta,dc=edu
mail: digant@exchange.uta.edu
utaMailAlias: digant@uta.edu

Is there a way to keep derived attribute types from being returned?
When this happens, the digital sender just assumes something went wrong
instead of correctly using just the mail attribute.

Don't SUP it. Use your OID for the NAME, and use the same SYNTAX as the mail attribute. ;)

I am using OpenLDAP 2.2.23 on Red Hat AS 3.0.  (I should probably
upgrade to the latest OpenLDAP, huh?)

Probably a good idea. You might want to pick up the latest BDB patches for 4.2.52 (there's 2 new ones) and the couple of patches I have for 2.2.26 off my site.


-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin