[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Resolving groups (neophyte question)
I coulda sworn I did this before a long time ago, and it worked (maybe Netscape DS 3.x),
but it's a really ugly way to do it, and given that the dn is kinda "special", I completely
agree that it's at least bad form.
Definately the best way to go is to use the known dn as the base dn, scope of base, and
a filter of objectclass=*. Actually, does anyone know if it would be more or less efficient
to use objectclass=* vs. objectclass=inetorgperson or whatever objectclass would
further restrict it? - I usually just use objectclass=*, but I wonder if objectclass=inetorgperson
is more efficient, or if it makes it do further comparisions that would slow things down.
-Jeff
Julio Sánchez Fernández wrote:
> Jeff Clowser wrote:
> >
> > Try this:
> > ldapsearch -v -L -s sub -b 'o=mirapoint.com' -h ugh 'dn=uid=bryan,ou=People, o=mirapoint.com'
> >
> > (Note the dn=uid=...)
>
> If that works, then it is another unintended side-effect of the way OpenLDAP
> deals with the DN (treats it as an attribute). I don't think this is
> required behaviour. And as a matter of fact, future changes to OpenLDAP are
> likely to break this. I have my eyes put on some changes that could make
> the DN disappear as an attribute of the entry. So if anyone can provide
> any proof that this is required behaviour, please speak up before I make a
> fool of myself by breaking it.
>
> > Probably a more efficient way would be to make the scope
> > same (-s same?)
>
> -s base
>
> Julio
--
Jeff Clowser
mailto:jclowser@aerotek.com Hanover MD 21076 USA
Phone: (410)-579-4328 7312 Parkway Drive