LDAP Syntax/Semantics: Filter vs. Base DN?

syntax ldap filtering semantics ldap-query
13,628

Solution 1

I think you are misunderstanding how the filter works. It is meant to be key=value pairings.

So (objectClass=iNetOrgPerson) as an example.

If you wish a filter to find a DN, then you pick an identifying chracteristic like CN, and filter (CN=JohnTestGroup) or perhaps ([email protected]).

The base tells the LDAP server where to start looking, as seriyPS notes in his/her answer, the SCOPE is the next question. How deep should the server search, as that adds overhead and performance issues. Subtree is simplist conceptually. Just keep looking from here down, till you run out of tree to look through.

That is why your last one works.

Now, if you want to find a specific object and you know its DN, you do an ENTRY scope query for the base of the specific DN.

Solution 2

Read about Scopes there: http://www.idevelopment.info/data/LDAP/LDAP_Resources/SEARCH_Setting_the_SCOPE_Parameter.shtml

If you set you search scope to SUBTREE both (2 and 3), possible 1 variants start work, but searching by subtree works slower

Share:
13,628
John
Author by

John

Updated on June 04, 2022

Comments

  • John
    John almost 2 years

    This is probably pretty stupid, but I'm still green to LDAP. So I hope someone can lend me a hand.

    I am using Apache Directory Studio to do my searches and I am confused about when I should be using a filter or when I should be breaking up my filter into two, using one part as the filter and the other as my search base.

    Here's an example where I'm trying filter out a group.

    Filter: CN=JohnTestGroup,OU=TECH,DC=lab,DC=ing
Base:   DC=lab,DC=ing

    This yielded zero results. I realized that perhaps I am being redundant as part of the base is in the filter, so I got rid of that part in the filter.

    Filter: CN=JohnTestGroup,OU=TECH
Base:   DC=lab,DC=ing

    This still did not yield anything. So I tried this:

    Filter: CN=JohnTestGroup
Base:   OU=TECH,DC=lab,DC=ing

    I moved the OU parameter into the Base. This worked, but I don't understand why the first or second attempts didn't. Someone care to drop some knowledge on me?

    This is probably a matter of syntax/semantics, so if anyone could point me to a resource, I'd be more than willing to read more about it.

  • John
    John over 13 years
    Thanks! Your recent additions helped me understand greatly, especially the last sentence. It led me to search "ldap search by dn" on Google and I came across this: openldap.org/lists/openldap-software/200503/msg00519.html, which really solidified what you meant in your last sentence.
  • John
    John over 13 years
    Thanks seriyPS, these graphs coupled with geoffc's explanation really helped!
  • geoffc
    geoffc over 13 years
    @John We aim to please. (At least when using the potty...)
  • MateuszL
    MateuszL over 2 years
    link doesn't work, requires login
  • seriyPS
    seriyPS over 2 years

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

ldapsearch Size limit exceeded with paging and certificate
How can i format an LDAP Filter that includes special characters? ('Classic' ASP)
Nested Group LDAP Search Filter
LDAP exclude sub OU from search
LDAP search not finding entries in child OUs
Invalid DN syntax on LDAP Authentication
LDAPSEARCH into table format
How to do ldapsearch with multiple filters?
How to sort LDAP Result with LDAP Query?
LDAP search filter for selecting the groups with a particular member