[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapsearch client] pb with a filter

To: Helene.Lastennet@alcatel.fr
Subject: Re: [ldapsearch client] pb with a filter
From: Pierangelo Masarati <ando@sys-net.it>
Date: Mon, 20 Dec 2004 13:18:50 +0100
Cc: openldap openldap <openldap-software@OpenLDAP.org>
References: <41C195F6.2000700@alcatel.fr> <41C3F202.5090908@sys-net.it> <41C6A29C.8000404@alcatel.fr>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Helene.Lastennet@alcatel.fr wrote:

Pierangelo Masarati wrote:
Helene.Lastennet@alcatel.fr wrote:
Hi,
I try to make a ldapsearch from a specific filter (using cf. RFC1558) and it doesn't work ... Can you help me about it ? Here are the information to describe the context:
*1. **ldapsearch **command:*
[root@devums openldap]#* ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn* # extended LDIF # # LDAPv3 # base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub # filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#
# search result
search: 2
result: 0 Success
# numResponses: 1
[root@devums openldap]#
*2. sample of the ldif file:*
dn: ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: INDEXES
dn: ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou:weblogin
dn: ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: range00
dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr

objectClass: commonuser objectClass: indexnode *weblogin: +33299879654* cn: +33299879654 accountStatus: 1 host: devums *refdn: uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel, c=fr*
*3. 'refdn' attribute syntax in openldap schema:*
Attributetype ( 1.3.6.1.4.1.6287.300.1.68 NAME 'refdn'
        DESC 'referral information'
        *SYNTAX 1.3.6.1.4.1.1466.115.121.1.12*
        SINGLE-VALUE )
add "EQUALITY distinguishedNameMatch" to the definition of refdn.
p.
I added "EQUALITY distinguishedNameMatch" to the definition of refdn in my ldap schema I restarted + populated again openldap
_*STEP 1:*_* test KO*
I executed again my ldapsearch in adding (according to the "RFC 2254 - The String Representation of LDAP Search Filters") in front of the '\' character of the filter the code '5c', but it's always *KO!* /_Note :_/ in fact, initially uid =20041220092234505*+*33299879650, so it contains a + character and according to the dn encoding format the uid becomes "20041220092234505*\2B*33299879650" and according to the filter encoding format the uid becomes "20041220092234505*\5c2B*33299879650"

_KO ldapsearch Example:_ *[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=**20041216142823992\5c2B33299879654**,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn # extended LDIF # # LDAPv3 # base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub # filter: (refdn=uid=**200412161428239925c2B33299879654**,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr) # requesting: dn # # search result search: 2 result: 0 Success # numResponses: 1 [root@devums]#*
_*STEP 2:*_* test OK*
But I made a new test after having modified the uid value in database: I removed the \ character from the uid (which is not correct and possible for our application) So the dn entry becomes in database: *dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr objectClass: commonuser objectClass: indexnode weblogin: +33299879654 cn: +33299879654 accountStatus: 1 host: devums refdn: uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel, c=fr * Then I executed my ldapsearch and it works : my entry is found: *[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn # extended LDIF # # LDAPv3 # base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub # filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr) # requesting: dn #

# \2B33299879654, range00, weblogin, INDEXES, alcatel, fr dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[root@devums]#
*
Please do you have an idea about this problem ?
How doing to convert correctly \2B in the filter encoding format ??

the '\' is being escaped by your shell. Put single quotes only at the begin and at the end of the filter, i.e. 'filter', not '('filter')'. p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: [ldapsearch client] pb with a filter
  - From: Helene.Lastennet@alcatel.fr

References:
- [ldapsearch client] pb with a filter
  - From: Helene.Lastennet@alcatel.fr
- Re: [ldapsearch client] pb with a filter
  - From: Helene.Lastennet@alcatel.fr

Prev by Date: Re: [ldapsearch client] pb with a filter
Next by Date: Re: [ldapsearch client] pb with a filter
Index(es):
- Chronological
- Thread