[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
LDAP filter question
Hi,
I'm having problems finding documentation for range filters.
Can someone explain to me how to use a range filter on shadowExpire?
From nis.schema:
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
so it's an integer value.
from my slapd.conf (openldap 2.3.38):
index shadowExpire pres,eq
I'd like to find entries where either shadowExpire is not present, or
shadowExpire is present and greater than or equal to X.
# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire=*))' dn
returns 978 entries.
# ldapsearch -x '(&(objectclass=shadowaccount)(!(shadowexpire=*)))' dn
returns 311 entries.
But:
# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire>1000))' dn
gives me ldap_search_ext: Bad search filter (-7)
and
# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire>=1000))' dn
returns no results.
At least one entry has shadowExpire > 1000:
# ldapsearch -x -LLL uid=toni objectclass shadowexpire
dn: cn=Batovanja Antonio,ou=People,ou=EDV Zentrale,dc=humanomed,dc=at
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hmUserExtention
objectClass: organizationalPerson
shadowExpire: 20000
My final filter should be
(|(shadowExpire=0)(shadowExpire>=14910)(!(shadowExpire=*)))
but that's not working
What am I doing wrong?
Cheers,
Toni