[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Limiting Search Results By Group Membership

To: "Howard Chu" <hyc@symas.com>
Subject: Re: Antw: Re: Limiting Search Results By Group Membership
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Tue, 25 Jul 2017 15:29:38 +0200
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <03f7948b-c6bc-4c50-4036-d018c31ad77f@symas.com>
References: <CAAKHBK=9xo4Z0bp8Nu0n3htXnV9dRWvFd_SSK1gkHzu_Pny5rg@mail.gmail.com> <WM!505710297870eb01e64fc18aa7537461bfedcc1a3db657f29be7a0aa63789e190644fd7ae333ab6dc307922123ae7750!@mailstronghold-3.zmailcloud.com> <d13dc3d6cdaa41b6b689c1f8a0e32971@DM5PR06MB3097.namprd06.prod.outlook.com> <CAAKHBKn7BuzXd0yohRwZf51kZReBfFYa11rMi+O+ya07Di7q1g@mail.gmail.com> <WM!05574397af88eb52e5fef2409aad53becd54e969891d4ff2b7edf559db83814f6861eed32499b25731b6c12b2791b13a!@mailstronghold-3.zmailcloud.com> <65401CE2835A601B53648BC9@[192.168.1.30]> <597591F0020000A100027314@gwsmtp1.uni-regensburg.de> <WM!445771870c767216f474466ce9358d317aaa21556a3aaeba6c08ae70847587ec250ab35f95fb2e1520d78644f1efc14e!@mailstronghold-3.zmailcloud.com> <48d74363-2f0a-739f-d719-515e1fe14997@symas.com> <597740F7020000A10002737F@gwsmtp1.uni-regensburg.de> <WM!9fd27526502066bd6cb1de66719203a80eababaf4f76a4350dbfce63726ba4e843d33ee6fdcd92134e22bb60af5b40ff!@mailstronghold-1.zmailcloud.com> <03f7948b-c6bc-4c50-4036-d018c31ad77f@symas.com>

>>> Howard Chu <hyc@symas.com> schrieb am 25.07.2017 um 15:10 in Nachricht
<03f7948b-c6bc-4c50-4036-d018c31ad77f@symas.com>:
> Ulrich Windl wrote:
>>>>> Howard Chu <hyc@symas.com> schrieb am 25.07.2017 um 14:27 in Nachricht
>> <48d74363-2f0a-739f-d719-515e1fe14997@symas.com>:
>>> Ulrich Windl wrote:
>>>> BTW: Is there an LDAP query to get the schema name for an object class?
>>>> I can list objectclasses and schematas, but I miss the link between those.
>>>
>>> You can search under cn=schema,cn=config using filter
>>> (olcObjectClasses=*<objectclass name>*)
>> 
>> Hi!
>> 
>> Thanks, but I don't quite get it: If I'm trying for "ipService" (which is 
> known), I get an empty result:
>> 
>> # ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=schema,cn=config' -s one 
> '(olcObjectClasses=ipService)' '* +'
>> SASL/EXTERNAL authentication started
>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>> SASL SSF: 0
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=schema,cn=config> with scope oneLevel
>> # filter: (olcObjectClasses=ipService)
>> # requesting: * +
>> #
>> 
>> # search result
>> search: 2
>> result: 0 Success
>> 
>> Can you give a concrete example, maybe?
> 
> Pay attention to details.
> 
> The filter I specified was ( * <objectclass name> * ) - a substring filter.
> 
> The filter you used was an exact match filter, which obviously doesn't match 
> 
> anything.

Thanks for pointing that out, Howard,

the meta-language is somewhat imprecise: I had interpreted that to be a pattern to substitute. Now this command provided what I was looking for:
# ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=schema,cn=config' -s one '(olcObjectClasses=*ipService*)' dn

# {3}rfc2307bis, schema, config
dn: cn={3}rfc2307bis,cn=schema,cn=config

Regards,
Ulrich


> 
> -- 
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com 
>    Director, Highland Sun     http://highlandsun.com/hyc/ 
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Limiting Search Results By Group Membership
  - From: Douglas Duckworth <dod2014@med.cornell.edu>
- Re: Limiting Search Results By Group Membership
  - From: Douglas Duckworth <dod2014@med.cornell.edu>
- Re: Limiting Search Results By Group Membership
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Antw: Re: Limiting Search Results By Group Membership
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Limiting Search Results By Group Membership
  - From: Howard Chu <hyc@symas.com>
- Re: Antw: Re: Limiting Search Results By Group Membership
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Limiting Search Results By Group Membership
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Sometimes openldap messages are logged in incorrect order
Next by Date: Re: Sometimes openldap messages are logged in incorrect order
Index(es):
- Chronological
- Thread