1. My assumption that 'ldapsearch' utility gives me the right result was wrong. According to rfc4515 there is no '>' or '<' comparators - at all. Thus, ldapsearch utility forms request with filter 'objectclass=*', which gives me all the entries in the given basedn. As I have almost all the entries with uidNumber in between 500 and 1000, I misunderstood the result.
I got this fact only with wireshark's help - yes, I did tcpdump on request to find it. If 'ldapsearch' can't recognize given filter, it silently forms the filter 'present, objectClass' and treating original user's filter as attribute name to search.
2. The server actually can't answer that kind of requests; to do this, you need to modify ldap schema and define attribute with proper ordering rules. The most helpful piece of text can be found here.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|