[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Search: If filter contains nonexistant attribute, entry will not be returned as a 'hit'

> Hello,
> I'm using openLDAP and I'm attempting to search with a filter like the
> following:
> In English:
>    Find all entries whose "objectClass" is "person", has an email
> address, and one of the following attributes contains "jere": sn, cn,
> blahblah.
> In LDAP Filter language:
>    (&(objectClass=person)(|(sn=*jere*)(cn=*jere*)(blahblah=*jere*))(mail=*))
> My problem is that if a particular entry does not contain each
> attribute (sn, cn, and blahblah) they will not get returned as a hit.
> The attribute "blahblah" is obviously a nonexistent attribute, but
> being inside an "OR" parenthesis group I would assume that wouldn't
> matter.

Your assumption is in contrast with the specifications of an LDAP filter. 
If "blahblah" is unknown to the DSA (i.e. it does not have a schema
specification), then the __entire__ OR filter evaluates to UNDEFINED,
according to draft-ietf-ldapbis-protocol.

> I desire to search many entries in my LDAP for a particular "search
> keyword", and I want to search a couple possible attributes for that
> "search keyword". I would think if an entry's "sn" attribute contained
> "jere" but it didn't have a "cn" or "blahblah" attribute, it would
> still get returned as a "hit". This is not the case.
> Is there a problem with my search filter? Is there another way to
> accomplish what I'm wanting here? Any help would be appreciated.

See above.  Note that one means to determine if "blahblah" is supported is
to look at the subschema subentry.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497