
RE: Search with wildcard



Michael,

Thanks for the help!!
When I used the filter memberOf:dn:dnSubordinateMatch:=cn=system1,ou=groups it works!!!

Thanks a lot,

Alessandro Lasmar Mourão


-----Original message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Wednesday, January 28, 2015 18:13
To: Alessandro Lasmar Mourao; openldap-technical@openldap.org
Subject: Re: Search with wildcard

Alessandro Lasmar Mourao wrote:
> I have the following structure in my OpenLDAP:
> 
> ou = groups
> |_cn = system1
> | | _cn = Group1
> | | _cn = Group2
> |_cn = system2
>   | _cn = Group1
>   | _cn = Group2
> 
> I need to perform a search and return only users who are registered on system1, regardless of the registered group.
> When I use the search with the filter: memberOf=cn=*,cn=system1,ou=groups nothing is returned.
> How do I perform this search in OpenLDAP?

Attribute 'memberOf' is of LDAP syntax DistinguishedName. Therefore the SUBSTR
matching rule for DirectoryString syntax does not apply.

You could use this filter:

  (memberOf:dnSubordinateMatch:=cn=system1,ou=groups)

Not exactly the same since it does not assert the group entry RDN being 'cn'
but it matches your textual description.

> In search Oracle SJDS works!

Is Oracle SJDS yet another LDAP server product name for the former Sun product
or Oracle's OID?

If the search with memberOf=cn=*,cn=system1,ou=groups works there, they do not
implement proper DN syntax checking and matching rules and simply apply e.g.
the DirectoryString SUBSTR matching rule or whatever. That's convenient for
lazy programmers but is not compliant with RFC 4517. A typical behaviour of
Sun's DSSE up to 6.x.

Ciao, Michael.
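
The difference between the two filters discussed above, as an added example that is not part of the original thread and is not OpenLDAP's code: a simplified Python model of DN-aware subordinate matching next to a raw-string wildcard, run over constructed memberOf values. The DN normalisation (lower-casing, trimming spaces, single-valued RDNs), the sample users and the helper names are assumptions made for illustration.

```python
# Simplified model of DN-aware matching; not OpenLDAP's implementation.
from fnmatch import fnmatchcase
BASE = "cn=system1,ou=groups"  # DN from the thread

def split_rdns(dn):
    """Split a DN on unescaped commas into normalised (type, value) pairs."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    parts.append(cur)
    return [tuple(s.strip().lower() for s in p.partition("=")[::2]) for p in parts]

def dn_subordinate(value, base=BASE):
    """True if value lies strictly below base, at any depth."""
    v, b = split_rdns(value), split_rdns(base)
    return len(v) > len(b) and v[-len(b):] == b

def cn_child(value, base=BASE):
    """Stricter: exactly one level below base and the leading RDN type is cn."""
    v = split_rdns(value)
    return dn_subordinate(value, base) and len(v) == len(split_rdns(base)) + 1 and v[0][0] == "cn"

def string_glob(value, pattern="cn=*,cn=system1,ou=groups"):
    """Naive wildcard match on the raw string, ignoring DN structure."""
    return fnmatchcase(value.lower(), pattern)

# Constructed sample entries: user -> memberOf values
USERS = {
    "alice": ["cn=Group1,cn=system1,ou=groups"],
    "bob":   ["CN=Group2, CN=system1, OU=groups"],    # same base, different case and spacing
    "carol": ["cn=Group1,cn=system2,ou=groups"],
    "dave":  ["ou=svc,cn=system1,ou=groups"],          # leading RDN is not cn
    "erin":  ["cn=a,cn=nested,cn=system1,ou=groups"],  # two levels below the base
    "frank": ["cn=system1,ou=groups"],                 # the base itself
}

def select(match):
    return sorted(u for u, groups in USERS.items() if any(match(g) for g in groups))

if __name__ == "__main__":
    for fn in (dn_subordinate, cn_child, string_glob):
        print(fn.__name__, select(fn))
```

When such a filter gates access to an application, the subordinate match also admits entries like dave and erin, so the stricter client-side check is the one that corresponds to the original `cn=*` intent.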