[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problems with ldapsearch

Jose Manuel Lopez writes:
> I want search the entry and see all attributes except one concrete
> attribute, for example jpegphoto.

The protocol has no support for that, and I'm not aware of an extension
for it.

The simplest way is to pass the ldapsearch output through a filter which
removes the attribute:

 ldapsearch arguments... | perl -p00e 's/^jpegPhoto:.*\n( .*\n)*//gim'

Or if you know which schema the server is using for the entries and
which attributes which _might_ exist (e.g. any attribute allowed by the
object classes your entries are using), simply request all the
attributes you could conceivably be interested in, and not the one you
don't want.

OpenLDAP does have an extesion that if you ask for the "attribute"
'!foo', it will return all attributes which are not in object class foo.
So if you define a foo object class in the server with the unwanted
attribute as a member, you can ask for that.  However, this will also
return operational attributes like createTimestamp and entryCSN, maybe
that's not what you want.  You could instead define an object class
'bar' the attributes you do want, and ask for '@bar'.

Another way the server can support this is to set up access controls so
that the particular user you bind as, or your host, or whatever, cannot
access the unwanted attribute.  Then the server will return the entries
without the attribute.