[Date Prev][Date Next]
Re: LDAP Search: If filter contains nonexistant attribute, entry will not be returned as a 'hit'
> I'm using openLDAP and I'm attempting to search with a filter like the
> In English:
> Find all entries whose "objectClass" is "person", has an email
> address, and one of the following attributes contains "jere": sn, cn,
> In LDAP Filter language:
> My problem is that if a particular entry does not contain each
> attribute (sn, cn, and blahblah) they will not get returned as a hit.
> The attribute "blahblah" is obviously a nonexistent attribute, but
> being inside an "OR" parenthesis group I would assume that wouldn't
Your assumption is in contrast with the specifications of an LDAP filter.
If "blahblah" is unknown to the DSA (i.e. it does not have a schema
specification), then the __entire__ OR filter evaluates to UNDEFINED,
according to draft-ietf-ldapbis-protocol.
> I desire to search many entries in my LDAP for a particular "search
> keyword", and I want to search a couple possible attributes for that
> "search keyword". I would think if an entry's "sn" attribute contained
> "jere" but it didn't have a "cn" or "blahblah" attribute, it would
> still get returned as a "hit". This is not the case.
> Is there a problem with my search filter? Is there another way to
> accomplish what I'm wanting here? Any help would be appreciated.
See above. Note that one means to determine if "blahblah" is supported is
to look at the subschema subentry.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497