[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Search queries with greater-than or smaller-than
Tobias Prinz wrote:
> I am just starting with LDAP, but there is some basic thing that I do not
> understand and that does not make sense at all:
>
> I have got an OpenLDAP server and it does contain data.
>
> This search returns a bunch of results:
> ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com
> -LLL '(gidNumber=500)'
>
> Yet this returns no results:
> ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com
> -LLL '(gidNumber>=500)'
>
> So I invert it and this returns no results either:
> ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com
> -LLL '(!(gidNumber>=500))'
>
> This simply fails (okay, I knew that, but at least I know the ones above are
> not syntax errors, because the greater-sign alone is not defined as a filter
> in RFC 1960 nor RFC 4515):
> ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com
> -LLL '(gidNumber>499)'
>
> Can someone point me in the right direction, please?
In general: To make greater-than or smaller-than filters work there has to be
an ORDERING matching rule defined for the attribute types in question.
In particular for gidNumber: The ORDERING matching rules for uidNumber and
gidNumber were added to schema_prep.c recently (OpenLDAP release 2.4.25, see
also ITS#6852). So you probably have to upgrade.
Ciao, Michael.