[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Search: If filter contains nonexistant attribute, entry will not be returned as a 'hit'

> Pierangelo Masarati writes:
>>>    (&(objectClass=person)(|(sn=*jere*)(cn=*jere*)(blahblah=*jere*))(mail=*))
>>> My problem is that if a particular entry does not contain each
>>> attribute (sn, cn, and blahblah) they will not get returned as a hit.
>>> The attribute "blahblah" is obviously a nonexistent attribute, but
>>> being inside an "OR" parenthesis group I would assume that wouldn't
>>> matter.
> So would I...
>> Your assumption is in contrast with the specifications of an LDAP
>> filter.
>> If "blahblah" is unknown to the DSA (i.e. it does not have a schema
>> specification), then the __entire__ OR filter evaluates to UNDEFINED,
>> according to draft-ietf-ldapbis-protocol.
> Huh?
> draft-ietf-ldapbis-protocol-31.txt, SearchRequest.filter says:
>    A filter of the "or" choice is FALSE if all of
>    the filters in the SET OF evaluate to FALSE, TRUE if at least one
>    filter is TRUE, and Undefined otherwise.
> Think of UNDEFINED as "the server can't tell" in this context.  If
> anything else in the (|...) matches, then the server can tell that the
> filter matches whether or not the undefined component would match.

Again apologies.  Both Jeremiah and I wrote __OR__, but my mind was
erroneously thinking __AND__.  I definitely need to reboot.

In fact, OpenLDAP's slapd is correctly treating that filer as valid, and
returning data if any of the valid portions of the filter match:

[user@host]$ ldapsearch -x -H ldap://:9011 -b 'dc=example,dc=com' -LLL
dn: cn=Barbara Jensen,ou=Information Technology

dn: cn=Bjorn Jensen,ou=Information Technology


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497