http://qs321.pair.com?node_id=924376


in reply to Re^5: Net::LDAP q
in thread Net::LDAP q

1. My assumption that the 'ldapsearch' utility gives me the right result was wrong. According to RFC 4515 there are no '>' or '<' comparators at all. Thus, the ldapsearch utility forms a request with the filter 'objectclass=*', which gives me all the entries in the given basedn. As almost all of my entries have a uidNumber between 500 and 1000, I misunderstood the result.

I got this fact only with Wireshark's help - yes, I did a tcpdump on the request to find it. If 'ldapsearch' can't recognize the given filter, it silently forms the filter 'present, objectClass' and treats the user's original filter as an attribute name to search.

2. The server actually can't answer that kind of request; to do this, you need to modify the LDAP schema and define an attribute with proper ordering rules. The most helpful piece of text can be found here.

Re^7: Net::LDAP q
by snoopy (Curate) on Sep 06, 2011 at 21:09 UTC
    So what happens under Net::LDAP? Was "1000" actually being treated as less than "500"?

    Update: Did some testing and answered my own question. I populated a few uid fields in some sample data, then ran a few ranging queries using Net::LDAP. Seems that (under OpenLDAP at least), not only can you get different results via ldapsearch and Net::LDAP, but the LDAP server just silently ignores the query. No errors or other status information.

      So what happens under Net::LDAP? Was "1000" actually being treated as less than "500"?

      No, not at all. The server just didn't know how to actually _compare_ in this way. I did some research and found that, in fact, there are no predefined attributes in OpenLDAP that can be compared by 'less than' or 'greater than' comparators. You have to define your own attributes =)

      As to the difference in behaviour, the ldapsearch utility shows similar results if you give it the right search filter - that is,

      ldapsearch -h 192.168.9.111 -D "cn=root,dc=lomonosov,dc=parallel,dc=ru" -w "rootpw" -b "ou=slurm,dc=lomonosov,dc=parallel,dc=ru" "(&(cn>=600)(cn<=1000))"
      i.e., it shows _nothing_ =)
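
An added example, not part of the thread and not code from Net::LDAP or OpenLDAP: a core-Perl pre-flight check that flags the strict '>' and '<' comparators RFC 4515 lacks and rewrites them with '>=' and '<=', so a malformed range filter is caught before a client can silently widen the search. The names lint_filter and rewrite_strict and the sample filters are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One leaf item "(attr OP value)". Two-character operators are tried first so
# that ">=" is never misread as a bare ">" followed by "=value".
my $LEAF = qr/\(\s*([A-Za-z][\w;.-]*)\s*(~=|>=|<=|:=|=|>|<)([^()]*)\)/;

# Return a list of problems; an empty list means the filter syntax is acceptable.
sub lint_filter {
    my ($f) = @_;
    my @problems;
    push @problems, "not parenthesised as RFC 4515 requires"
        unless $f =~ /^\s*\(.*\)\s*$/s;
    while ($f =~ /$LEAF/g) {
        my ($attr, $op, $val) = ($1, $2, $3);
        push @problems, "($attr$op$val): no '$op' comparator, only '>=' and '<='"
            if $op eq '>' or $op eq '<';
    }
    return @problems;
}

# Rewrite strict comparisons into conformant equivalents:
#   (a>v) becomes (!(a<=v))    (a<v) becomes (!(a>=v))
# This fixes syntax only. The server still needs an ordering rule defined for
# the attribute, as the post above explains.
sub rewrite_strict {
    my ($f) = @_;
    $f =~ s{($LEAF)}{
        my ($whole, $attr, $op, $val) = ($1, $2, $3, $4);
        $op eq '>' ? "(!($attr<=$val))"
      : $op eq '<' ? "(!($attr>=$val))"
      :              $whole;
    }ge;
    return $f;
}

# Constructed sample filters: unparenthesised, strict range, conformant range,
# and a value that merely contains '>' (legal, must not be flagged).
for my $f ('uidNumber>500', '(&(uidNumber>500)(uidNumber<1000))',
           '(&(cn>=600)(cn<=1000))', '(description=a>b)') {
    my @p = lint_filter($f);
    print "$f\n";
    print "  problem: $_\n" for @p;
    print "  rewritten: ", rewrite_strict($f), "\n" if @p and $f =~ /^\(/;
    print "  ok\n" unless @p;
}
```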