fisher has asked for the wisdom of the Perl Monks concerning the following question:

Why is this not working?

I'm trying to get a list of available entries from ldap by a simple filter: attribute cn must be less than 1000 and greater than 500. According to the Net::LDAP documentation this could be done like this:

    #!/usr/bin/env perl
    use strict;
    use warnings;
    use Net::LDAP;

    my $ldap = Net::LDAP->new('');
    my $mesg = $ldap->bind('cn=root,dc=lomonosov,dc=parallel,dc=ru', password => 'rootpw');
    $|=1;
    print "Searching for uids less than 1000 and gt 500... ";
    $mesg = $ldap->search(
        base   => "ou=slurm,dc=lomonosov,dc=parallel,dc=ru",
        filter => "&(cn<=1000)(cn>=500)"
    );
    $mesg->code && die $mesg->error;
    print "Ok\nFound: ";
    print join ", ", map $_->get_value("cn"), $mesg->entries;

But it produces:

    Searching for uids less than 1000 and gt 500... Ok
    Found:

I know that there are two hundred or so entries in ldap for this request,

    fisher% ldapsearch -h -D "cn=root,dc=lomonosov,dc=parallel,dc=ru" -w "rootpw" -b "ou=slurm,dc=lomonosov,dc=parallel,dc=ru" "&(cn>600)(cn<1000)" |tail -3
    # numResponses: 145
    # numEntries: 144

In fact, the problem is experienced with simple filters using 'less than' or 'greater than' comparisons; complex search filters like '|(cn=527)(cn=528)' work just fine. What am I doing wrong? How can I get a list of entries with said filter?

Answer found, thanks to all. The original request using ldapsearch was wrong (according to RFC 4515 there is no '<' sign, only '<='); the server doesn't answer that type of comparison because of the absence of an index.

Replies are listed 'Best First'.
Re: Net::LDAP q
by snoopy (Curate) on Sep 05, 2011 at 21:34 UTC
    You didn't say what LDAP class your objects are.

    I'm guessing that they're of type person or organizationalPerson

    In which case, cn, although it contains numeric data, is declared within LDAP as a text attribute.

    So your upper bound, "1000" when treated as a string, is less than your lower bound, "500".
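
An added example, not part of the original thread and not code from any poster: a pure-Perl check that flags the bare `<` and `>` operators mentioned in the question's update (RFC 4515 defines only `=`, `~=`, `>=` and `<=`) and shows how the 500..1000 range from the reply above behaves under string versus integer ordering. The helper names `lint_filter` and `in_range` are hypothetical, the sample values are constructed, and Perl's `ge`/`le` are assumed to stand in for a server-side string ordering rule.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Added example, not code from the thread; helper names are hypothetical.

# RFC 4515 defines the item operators =, ~=, >= and <= only.
# Return one message per (attr<value) or (attr>value) item in $filter.
sub lint_filter {
    my ($filter) = @_;
    my @problems;
    while ($filter =~ /\(([^()&|!=<>~]+)([<>~]?=|[<>])([^()]*)\)/g) {
        my ($attr, $op, $value) = ($1, $2, $3);
        next unless $op eq '<' || $op eq '>';
        push @problems, sprintf "(%s%s%s): bare '%s' is not defined, use '%s='",
            $attr, $op, $value, $op, $op;
    }
    return @problems;
}

# True if $value satisfies (attr>=$low)(attr<=$high) under the given ordering.
# Assumption: Perl's ge/le stand in for a server-side string ordering rule.
sub in_range {
    my ($value, $low, $high, $ordering) = @_;
    return $ordering eq 'integer'
        ? ($value >= $low && $value <= $high)
        : ($value ge $low && $value le $high);
}

# Filters taken from the thread.
for my $filter ('&(cn>600)(cn<1000)', '&(cn<=1000)(cn>=500)') {
    my @problems = lint_filter($filter);
    print "$filter\n";
    print "  $_\n" for @problems ? @problems : ('operators are defined in RFC 4515');
}

# Constructed sample values, checked against the 500..1000 range.
my @values = qw(499 500 527 999 1000 1001);
for my $ordering (qw(string integer)) {
    my @hits = grep { in_range($_, 500, 1000, $ordering) } @values;
    printf "%-7s ordering matches: %s\n", $ordering, @hits ? "@hits" : '(none)';
}
```

Under string ordering the range is empty for every value, because "1000" sorts before "500".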

      No-no-no, that would be too trivial. Before posting I tried to search using the attribute uidNumber,
      attributetype ( NAME 'uidNumber' DESC 'An integer uniquely identifying a user in an administrative domain' EQUALITY integerMatch SYNTAX SINGLE-VALUE )
      with the filter 'uidNumber <= 1000' and still got no answers. Your supposition may be correct, but it does not answer the second question - how can I do a search with the given filter, treating numbers as numbers?
        The LDAP protocol does not support setting the type of the arguments in comparison filters. It is up to the server to decide which one to use.

        Anyway, I would enable debugging on the Net::LDAP object and see what is being sent and received by the script: