[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Debugging a module



Hi Quanah,

Quanah Gibson-Mount wrote:
>> This is how filters work in LDAP.  It sounds to me like things are
>> working correctly.  I.e., if I search for "objectClass=joe" objectClass,
>> it will return every entry that has an objectClass value of joe, and all
>> the values for objectClass.
>>
>> If I search for "(member=uid=user1,ou=users,dc=example,dc=com)", it will
>> return to me every group that has a member attribute matching that value.
>>
>> I see nothing wrong in the behavior here, just in the understanding of
>> how filters work.  Let me know if you have further questions.
> 
> To expand on this a little bit more:
> 
> LDAP filters are used to limit the number of entries returned.  They do
> not limit attr=value pairs.
> 
> Generally, with groups, the most common operation is the ldapcompare
> operation.  It lets you "ask" whether or not a given value is assigned
> to an attribute in a specific entry.
> 
> I.e., I can ask "Is uid=user1,ou=users,dc=example,dc=com a value for the
> member attribute in the group cn=testgroup ou=Groups,dc=example,dc=com"
> using the ldapcompare operation.  It will answer one of three ways:
> TRUE, FALSE, or UNDEFINED.
> 
> <http://www.openldap.org/software/man.cgi?query=ldapcompare&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
> 

Ah, your responses have been most helpful, thank you!  The ldapcompare operation might actually satisfy the end-goals I
was hoping to achieve by returning the dn or uid explicitly.  Cheers!

Respectfully,
Ryan