[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP filter question

To: openldap-technical@openldap.org
Subject: LDAP filter question
From: Antonio Batovanja <batovanja@humanomed.at>
Date: Fri, 29 Oct 2010 11:58:36 +0200
Content-disposition: inline
Organization: Humanomed
User-agent: KMail/1.9.10

Hi,

I'm having problems finding documentation for range filters.
Can someone explain to me how to use a range filter on shadowExpire?

From nis.schema:
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
so it's an integer value.

from my slapd.conf (openldap 2.3.38):
index shadowExpire pres,eq

I'd like to find entries where either shadowExpire is not present, or 
shadowExpire is present and greater than or equal to X.

# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire=*))' dn
returns 978 entries.

# ldapsearch -x '(&(objectclass=shadowaccount)(!(shadowexpire=*)))' dn
returns 311 entries.

But:
# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire>1000))' dn
gives me ldap_search_ext: Bad search filter (-7)
and
# ldapsearch -x '(&(objectclass=shadowaccount)(shadowexpire>=1000))' dn
returns no results.

At least one entry has shadowExpire > 1000:
# ldapsearch -x -LLL uid=toni objectclass shadowexpire
dn: cn=Batovanja Antonio,ou=People,ou=EDV Zentrale,dc=humanomed,dc=at
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hmUserExtention
objectClass: organizationalPerson
shadowExpire: 20000

My final filter should be
(|(shadowExpire=0)(shadowExpire>=14910)(!(shadowExpire=*)))
but that's not working

What am I doing wrong?

Cheers,
Toni

Follow-Ups:
- Alias dereferencing
  - From: Ryan Steele <ryans@aweber.com>

Prev by Date: Re: Error 18: Solaris 10 Native LDAP-Client
Next by Date: Push-based syncrepl + slapo-rwm
Index(es):
- Chronological
- Thread