[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapsearch client] pb with a filter



Thanks a lot , it works now ;-P

Pierangelo Masarati wrote:
Helene.Lastennet@alcatel.fr wrote:



Pierangelo Masarati wrote:

Helene.Lastennet@alcatel.fr wrote:

Hi,

I try to make a ldapsearch from a specific filter (using cf. RFC1558) and it doesn't work ...
Can you help me about it ?
Here are the information to describe the context:

*1. **ldapsearch **command:*

[root@devums openldap]#* ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn*
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#

# search result
search: 2
result: 0 Success
# numResponses: 1
[root@devums openldap]#

*2. sample of the ldif file:*

dn: ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: INDEXES

dn: ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou:weblogin

dn: ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectclass: organizationalUnit
ou: range00

dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectClass: commonuser
objectClass: indexnode
*weblogin: +33299879654*
cn: +33299879654
accountStatus: 1
host: devums
*refdn: uid=20041216142823992\2B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,
 c=fr*

*3. 'refdn' attribute syntax in openldap schema:*

Attributetype ( 1.3.6.1.4.1.6287.300.1.68 NAME 'refdn'
        DESC 'referral information'
        *SYNTAX 1.3.6.1.4.1.1466.115.121.1.12*
        SINGLE-VALUE )


add "EQUALITY distinguishedNameMatch" to the definition of refdn.

p.


I added "EQUALITY distinguishedNameMatch" to the definition of refdn in my ldap schema
I restarted + populated again openldap

_*STEP 1:*_* test KO*

I executed again my ldapsearch in adding (according to the "RFC 2254 - The String Representation of LDAP Search Filters") in  front of the '\' character of the filter the code '5c',
but it's always *KO!*
/_Note :_/ in fact, initially uid =20041220092234505*+*33299879650, so it contains a + character and according to the dn encoding format the uid becomes "20041220092234505*\2B*33299879650"
and according to the filter encoding format the uid becomes "20041220092234505*\5c2B*33299879650"

_KO ldapsearch Example:_
*[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=**20041216142823992\5c2B33299879654**,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=**200412161428239925c2B33299879654**,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#
# search result
search: 2
result: 0 Success
# numResponses: 1
[root@devums]#*

_*STEP 2:*_* test OK*

But I made a new test after having modified the uid value in database:
I removed the \ character from the uid  (which is not correct and possible for our application)
So the dn entry becomes in database:
*dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr
objectClass: commonuser
objectClass: indexnode
weblogin: +33299879654
cn: +33299879654
accountStatus: 1
host: devums
refdn: uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,
 c=fr
*
Then I executed my ldapsearch and it works : my entry is found:
*[root@devums]# ldapsearch -x -D "cn=admin,ou=INDEXES,o=alcatel,c=fr" -w secret  -b "ou=weblogin,ou=INDEXES,o=alcatel,c=fr" -h devums:389 '('refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr')' dn
# extended LDIF
#
# LDAPv3
# base <ou=weblogin,ou=INDEXES,o=alcatel,c=fr> with scope sub
# filter: (refdn=uid=200412161428239922B33299879654,ou=REPOSITORY,ou=CONTENT,o=alcatel,c=fr)
# requesting: dn
#

# \2B33299879654, range00, weblogin, INDEXES, alcatel, fr
dn: weblogin=\2B33299879654,ou=range00,ou=weblogin,ou=INDEXES,o=alcatel,c=fr

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@devums]#
*

Please do you have an idea about this problem ?
How doing to convert correctly \2B in the filter encoding format ??

the '\' is being escaped by your shell.  Put single quotes only at the begin and at the end of the filter, i.e. 'filter', not '('filter')'.
p.




   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497