[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-software
Subject:    Re: ldapsearch issue
From:       Hallvard B Furuseth <h.b.furuseth () usit ! uio ! no>
Date:       2005-04-28 10:39:04
Message-ID: hbf.20050428mhxo () bombur ! uio ! no
[Download RAW message or body]

Edward De Jongh writes:
> (...)
> if I search for a user like so:
>
> Attributes attrs = ctx.getAttributes("cn=someone
> x,ou=somewhere,dc=example,dc=co,dc=za");

That's a direct lookup of an entry by its name (DN).  LDAP implements
that as a a search with scope=base, which only examines the named DN.

> (...)
> dn: cn=someone x,ou=somewhere,dc=example,dc=co,dc=za
> objectclass: lifeUser
> displayName: something
> employeeNumber: 1031275942
> cn: someone
> sn: x
> role: NB_SPECIAL_PROJECTS
> role: ROLE.SPECIALPROJECTS
>
> However I cannot do a search based on employee number
>
> Like so   employeeNumber=1031275942,ou=somewhere,dc=example,dc=co,dc=za

To search for employee number when that is not part of the entry name,
use search filter "(employeeNumber=1031275942)"
or maybe "(&(employeeNumber=1031275942)(objectClass=lifeUser))".

With search scope subtree (sometimes called sub) you can use search base
"dc=example,dc=co,dc=za" or "ou=somewhere,dc=example,dc=co,dc=za".  With
search scope onelevel (also called singleLevel or one) you can only use
the latter search base.

Also read up on LDAP basics.  The difference between DN and filter is
_very_ basic.

-- 
Hallvard
[prev in list] [next in list] [prev in thread] [next in thread]