[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Debugging a module

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: Debugging a module
From: Ryan Steele <ryans@aweber.com>
Date: Mon, 21 Sep 2009 11:05:49 -0400
Cc: openldap-software@openldap.org
In-reply-to: <6732C0F69B7C089E558FE2A9@[192.168.1.199]>
References: <4AAF932F.3020403@ronie.com.br> <Pine.SOC.4.64.0909151115031.4474@toolbox.rutgers.edu> <4AAFDCA7.7020909@aweber.com> <4AB12823.4030809@symas.com> <4AB14DA8.7090700@aweber.com> <8e4dbfa80909170526s2f382d00p79474050a8eb28ed@mail.gmail.com> <4AB3CDD2.9040200@aweber.com> <78863FCCC15B5B4E30A71151@[192.168.1.199]> <6732C0F69B7C089E558FE2A9@[192.168.1.199]>
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Hi Quanah,

Quanah Gibson-Mount wrote:
>> This is how filters work in LDAP.  It sounds to me like things are
>> working correctly.  I.e., if I search for "objectClass=joe" objectClass,
>> it will return every entry that has an objectClass value of joe, and all
>> the values for objectClass.
>>
>> If I search for "(member=uid=user1,ou=users,dc=example,dc=com)", it will
>> return to me every group that has a member attribute matching that value.
>>
>> I see nothing wrong in the behavior here, just in the understanding of
>> how filters work.  Let me know if you have further questions.
> 
> To expand on this a little bit more:
> 
> LDAP filters are used to limit the number of entries returned.  They do
> not limit attr=value pairs.
> 
> Generally, with groups, the most common operation is the ldapcompare
> operation.  It lets you "ask" whether or not a given value is assigned
> to an attribute in a specific entry.
> 
> I.e., I can ask "Is uid=user1,ou=users,dc=example,dc=com a value for the
> member attribute in the group cn=testgroup ou=Groups,dc=example,dc=com"
> using the ldapcompare operation.  It will answer one of three ways:
> TRUE, FALSE, or UNDEFINED.
> 
> <http://www.openldap.org/software/man.cgi?query=ldapcompare&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>
> 

Ah, your responses have been most helpful, thank you!  The ldapcompare operation might actually satisfy the end-goals I
was hoping to achieve by returning the dn or uid explicitly.  Cheers!

Respectfully,
Ryan

References:
- set.regex and substring substitution
  - From: Ronie Gilberto Henrich <ronie@ronie.com.br>
- Re: set.regex and substring substitution
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Debugging a module
  - From: Ryan Steele <ryans@aweber.com>
- Re: Debugging a module
  - From: Howard Chu <hyc@symas.com>
- Re: Debugging a module
  - From: Ryan Steele <ryans@aweber.com>
- Re: Debugging a module
  - From: Andreas Hasenack <panlinux@gmail.com>
- Re: Debugging a module
  - From: Ryan Steele <ryans@aweber.com>
- Re: Debugging a module
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: Debugging a module
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: problem with replication [syncrepl] hash of passwords
Next by Date: RE: slapd consumer deletes entries
Index(es):
- Chronological
- Thread