[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Debugging a module
Hi Quanah,
Quanah Gibson-Mount wrote:
>> This is how filters work in LDAP. It sounds to me like things are
>> working correctly. I.e., if I search for "objectClass=joe" objectClass,
>> it will return every entry that has an objectClass value of joe, and all
>> the values for objectClass.
>>
>> If I search for "(member=uid=user1,ou=users,dc=example,dc=com)", it will
>> return to me every group that has a member attribute matching that value.
>>
>> I see nothing wrong in the behavior here, just in the understanding of
>> how filters work. Let me know if you have further questions.
>
> To expand on this a little bit more:
>
> LDAP filters are used to limit the number of entries returned. They do
> not limit attr=value pairs.
>
> Generally, with groups, the most common operation is the ldapcompare
> operation. It lets you "ask" whether or not a given value is assigned
> to an attribute in a specific entry.
>
> I.e., I can ask "Is uid=user1,ou=users,dc=example,dc=com a value for the
> member attribute in the group cn=testgroup ou=Groups,dc=example,dc=com"
> using the ldapcompare operation. It will answer one of three ways:
> TRUE, FALSE, or UNDEFINED.
>
> <http://www.openldap.org/software/man.cgi?query=ldapcompare&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
>
Ah, your responses have been most helpful, thank you! The ldapcompare operation might actually satisfy the end-goals I
was hoping to achieve by returning the dn or uid explicitly. Cheers!
Respectfully,
Ryan