[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch issue

To: Edward De Jongh <Edwardd@discovery.co.za>
Subject: Re: ldapsearch issue
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 28 Apr 2005 12:39:04 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <655DD419B87E5440891522C759C4E5700CA5CB@DHEXBEDEV.discovery.holdings.co.za>
References: <655DD419B87E5440891522C759C4E5700CA5CB@DHEXBEDEV.discovery.holdings.co.za>

Edward De Jongh writes:
> (...)
> if I search for a user like so:
>
> Attributes attrs = ctx.getAttributes("cn=someone
> x,ou=somewhere,dc=example,dc=co,dc=za");

That's a direct lookup of an entry by its name (DN).  LDAP implements
that as a a search with scope=base, which only examines the named DN.

> (...)
> dn: cn=someone x,ou=somewhere,dc=example,dc=co,dc=za
> objectclass: lifeUser
> displayName: something
> employeeNumber: 1031275942
> cn: someone
> sn: x
> role: NB_SPECIAL_PROJECTS
> role: ROLE.SPECIALPROJECTS
>
> However I cannot do a search based on employee number
>
> Like so   employeeNumber=1031275942,ou=somewhere,dc=example,dc=co,dc=za

To search for employee number when that is not part of the entry name,
use search filter "(employeeNumber=1031275942)"
or maybe "(&(employeeNumber=1031275942)(objectClass=lifeUser))".

With search scope subtree (sometimes called sub) you can use search base
"dc=example,dc=co,dc=za" or "ou=somewhere,dc=example,dc=co,dc=za".  With
search scope onelevel (also called singleLevel or one) you can only use
the latter search base.

Also read up on LDAP basics.  The difference between DN and filter is
_very_ basic.

-- 
Hallvard

References:
- ldapsearch issue
  - From: "Edward De Jongh" <Edwardd@discovery.co.za>

Prev by Date: Re: how to set entry cache
Next by Date: access to dn= & filter= & attr=
Index(es):
- Chronological
- Thread