[Date Prev][Date Next]
Re: LDAP Search: If filter contains nonexistant attribute, entry will not be returned as a 'hit'
> Pierangelo Masarati writes:
>>> My problem is that if a particular entry does not contain each
>>> attribute (sn, cn, and blahblah) they will not get returned as a hit.
>>> The attribute "blahblah" is obviously a nonexistent attribute, but
>>> being inside an "OR" parenthesis group I would assume that wouldn't
> So would I...
>> Your assumption is in contrast with the specifications of an LDAP
>> If "blahblah" is unknown to the DSA (i.e. it does not have a schema
>> specification), then the __entire__ OR filter evaluates to UNDEFINED,
>> according to draft-ietf-ldapbis-protocol.
> draft-ietf-ldapbis-protocol-31.txt, 22.214.171.124 SearchRequest.filter says:
> A filter of the "or" choice is FALSE if all of
> the filters in the SET OF evaluate to FALSE, TRUE if at least one
> filter is TRUE, and Undefined otherwise.
> Think of UNDEFINED as "the server can't tell" in this context. If
> anything else in the (|...) matches, then the server can tell that the
> filter matches whether or not the undefined component would match.
Again apologies. Both Jeremiah and I wrote __OR__, but my mind was
erroneously thinking __AND__. I definitely need to reboot.
In fact, OpenLDAP's slapd is correctly treating that filer as valid, and
returning data if any of the valid portions of the filter match:
[user@host]$ ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -LLL
dn: cn=Barbara Jensen,ou=Information Technology
dn: cn=Bjorn Jensen,ou=Information Technology
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497