LinuxQuestions.org


prasanthhs 12-13-2011 11:29 PM

Regarding LDAP Search Filter
 
I have a question regarding LDAP search. Suppose I want to search for a number, say "123", and LDAP has entries like "123#" or "1-2-3": what LDAP search filter needs to be provided? I tried "*123*" but it doesn't work in the case of "1-2-3".

War3zWad|0 12-14-2011 01:08 AM

If your LDAP records are searchable then you would need to use something along these lines:
Code:

"1*2*3" or "*-*-*"
To properly search your LDAP records you will need to make sure that all authenticated users can read all records; otherwise you will not be able to search the records properly.

prasanthhs 12-14-2011 02:32 AM

Ya, I am aware we can search this way. But the problem is that neither the series of digits nor the number of digits is fixed!!

Additionally, your logic will not work because if the search filter is, say, "*1*2*3" as you say, and there's a number "19253" in the LDAP DB, then this number will be returned as matching the search criteria even though it's not remotely matching the input number "123" :)

To make things clearer, this is what is required from the LDAP search:

1> DB contains 1-2-3, input is 123: it should match this
2> DB contains 19253, input is 123: it should not match




War3zWad|0 12-14-2011 05:00 AM

Yes, that does make a difference in the type of search you are doing.

Code:

"(objectClass=*)"        All objects.
"(&(objectCategory=person)(objectClass=user)(!(cn=andy)))"        All user objects but "andy".
"(sn=sm*)"        All objects with a surname that starts with "sm".
"(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))"        All contacts with a surname equal to "Smith" or "Johnson".

Above are some examples of typical LDAP search filters. Depending on what you are searching for, it will depend on the criteria that you need to provide. And as stated before, any search that is structured with the wild card * should return any result that contains anything, so searching for the following strings:
Code:

uid=1*2*3

will return anything containing 1 2 3 sequence. So if you have the following strings in searchable fields you will get them as results:
uid=19263
uid=14273
uid=1_2_3
uid=1-2-3
and so on

(&(mail=*)(cn=*r)(sn=s*)) # has mail attr AND cn ends with R
                            AND sn starts with s

(|(sn=a*)(sn=b*)(sn=c*)) # sn starts with a OR b OR c

(!(sn=a*)) # entries with sn NOT starting with a

(&(!(sn=a*))(!(sn=b*))) # entries with sn NOT starting with a
                          AND NOT starting with b
sn=*abc*  -- should return any value with abc in it so *123* should return

I only pointed out the searchability of your LDAP records as I, like many, have overlooked that aspect and was only attempting to assist. The lack of information provided in your original post only allows one to post points and provide possible options, but they are limited by the amount of information provided.

Here is a link to some Microsoft provided LDAP information as it does provide a little information on how to structure your searches.

http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

and for even more reference material on how to search LDAP take a look at the following

http://linux.die.net/man/1/ldapsearch

http://www.centos.org/docs/5/html/CD...dapsearch.html

prasanthhs 12-14-2011 10:17 PM

Thanks. However my requirement is very simple.

Input string is dynamic.

Let's say 123 is the input string and the DB has 10203, 19293, 1-2-3, 123. Then the search should return only 1-2-3 and 123.

The only thing which is fixed here is that the input will always be numbers and the DB will also contain numbers only.

I tried using approx (id ~= 123) but it returns all the 4 entries in the DB. Maybe I need to add an extra filter to it with & to filter it down further. Any ideas?


War3zWad|0 12-15-2011 03:20 AM

There might be a slight communication error going on. When you say DB are you referring to your LDAP records, or are you referring to a MySQL database? Typically DB is used for MySQL, and records or LDIF is the file structure for LDAP. The reason I ask this is to be able to narrow down your search would be to identify the field that you are trying to search.

For LDAP if you are trying to find say an address then you would use something like so:

ldapsearch -LLL -s one -b "c=US" "(o=University*)" o streetAddress

If my LDAP structure was c=us,dc=warezwaldo,dc=us and under the countries I had the following Organizations: College, University, Community College, Tech Schools, and under each of these were states, and under the states were cities. The above search would then search all of the records under the US node for any entry with University in the name at the start of its name.

So your wish to run a search for 123, as simple as it sounds, needs more explanation as to what you are trying to search for within the LDAP records. Whether you are creating an app for users to input the search criteria or if you are trying to write a CLI script to automate tasks, if you search for sn=123 you will only get the results that match your search. If you are trying to get a range then you could use something like sn=sn*; this would give you results for anything in the sn group that starts with sn.



Now if the misunderstanding is that you are attempting to search a MySQL database then you could try something like this: select * from users where id = '123'; this will only return the results for the one entry with id of 123. If you are not sure what you are looking for then you would use something like so: select * from users where id like '%123'

prasanthhs 12-15-2011 05:58 AM

Sorry. What I meant to say was LDAP BDB, not MySQL.

The structure of records in LDAP is Name and Number. There is only one Organization. It's basically an app for a user to get a name based on the Number inputted (kind of like a mobile phonebook).

Let's consider the following simple structure of LDAP records.

Name/Number
a/123
b/1-2-3
c/19293

Now if I enter an input from the app as 123, then I should be able to get the Names "a,b".

If my search filter is as you say (o=*123*), then it fetches only "a". It ignores "b" even though it's valid as well.
If my search filter is (o ~= 123) then it fetches a,b,c. However c is nowhere close to what is required.

As far as I saw on the web, there doesn't seem to be a direct search filter for getting this kind of search result.


War3zWad|0 12-15-2011 02:51 PM

ok, that makes much more sense.

Yeah, there is no direct way to do what you want without using multiple filters. You could structure a for loop to run through the LDAP returned values and do a string compare on the 2 values. This would allow you to structure your output as you are wanting.


sorry if that doesn't help
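
The loop-and-compare approach suggested in the post above, sketched as an added example that is not part of the original thread: a broad substring prefilter is built from the validated, RFC 4515-escaped input, and the returned values are then compared digit for digit on the client. The attribute `o` and records a, b, c come from the thread; the function names, records d and e, and the regex stand-in for the directory server are assumptions.

```python
import re

# Records from the thread (Name/Number); "d" and "e" are constructed additions.
ENTRIES = [("a", "123"), ("b", "1-2-3"), ("c", "19293"), ("d", "123#"), ("e", "456")]

_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(_RFC4515.get(ch, ch) for ch in value)

def build_prefilter(attr, number):
    """Broad server-side filter: the input digits in order, anything between."""
    if not re.fullmatch(r"[0-9]+", number):
        raise ValueError("input must be ASCII digits only")
    # Digits need no escaping; it is applied anyway so the builder stays
    # safe if the validation above is ever relaxed.
    return "(%s=*%s*)" % (attr, "*".join(escape_filter_value(d) for d in number))

def simulated_server_search(entries, number):
    """Stand-in for the directory: what the substring prefilter would return."""
    pattern = re.compile(".*".join(re.escape(d) for d in number), re.DOTALL)
    return [(name, stored) for name, stored in entries if pattern.search(stored)]

def exact_digit_matches(candidates, number):
    """Client-side pass: strip separators, then compare the digits exactly."""
    return [name for name, stored in candidates
            if re.sub(r"[^0-9]", "", stored) == number]

if __name__ == "__main__":
    query = "123"
    print(build_prefilter("o", query))
    candidates = simulated_server_search(ENTRIES, query)
    print([name for name, _ in candidates])
    print(exact_digit_matches(candidates, query))
```

The prefilter still returns "c" (19293); only the client-side comparison removes it, which is why the filter alone cannot express this search.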

prasanthhs 12-16-2011 04:08 AM

Thanks. Let me check!


All times are GMT -5.