LinuxQuestions.org
Old 12-13-2011, 11:29 PM   #1
prasanthhs
Regarding LDAP Search Filter


I have a question regarding LDAP search. Suppose I want to search for a number, say "123", and LDAP has entries like "123#" or "1-2-3": what LDAP search filter needs to be provided? I tried "*123*" but it doesn't work in the case of "1-2-3".
 
Old 12-14-2011, 01:08 AM   #2
War3zWad|0
If your LDAP records are searchable then you would need to use something along these lines:
Code:
 "1*2*3" or "*-*-*"
To properly search your LDAP records you will need to make sure that all authenticated users can read all records, otherwise you will not be able to search the records properly.

Last edited by War3zWad|0; 12-14-2011 at 01:09 AM. Reason: a correction
 
Old 12-14-2011, 02:32 AM   #3
prasanthhs
Ya, I am aware we can search this way. But the problem is that neither the series of digits nor the number of digits is fixed!!

Additionally, your logic will not work because if the search filter is, say, "*1*2*3" as you say, then if there's a number "19253" in the LDAP DB, this number will be returned as matching the search criteria even though it's not remotely matching the input number "123".

To make things clearer, this is what is required from the LDAP search:

1> DB contains 1-2-3, input is 123: then it should match this
2> DB contains 19253, input is 123: then it should not match



 
Old 12-14-2011, 05:00 AM   #4
War3zWad|0
Yes, that does make a difference in the type of search you are doing.

Code:
"(objectClass=*)"	All objects.
"(&(objectCategory=person)(objectClass=user)(!cn=andy))"	All user objects but "andy".
"(sn=sm*)"	All objects with a surname that starts with "sm".
"(&(objectCategory=person)(objectClass=contact)(|(sn=Smith)(sn=Johnson)))"	All contacts with a surname equal to "Smith" or "Johnson".
Above are some examples of typical LDAP search filters. Depending on what you are searching for, it will depend on the criteria that you need to provide. And as stated before, any search that is structured with the wild card * should return any result that contains anything, so searching for the following strings:
Code:
uid=1*2*3 

will return anything containing the 1 2 3 sequence. So if you have the following strings in searchable fields you will get them as results:
uid=19263
uid=14273
uid=1_2_3
uid=1-2-3
and so on

(&(mail=*)(cn=*r)(sn=s*)) # has mail attr AND cn ends with R 
                            AND sn starts with s

(|(sn=a*)(sn=b*)(sn=c*)) # sn starts with a OR b OR c

(!(sn=a*)) # entries with sn NOT starting with a

(&(!(sn=a*))(!(sn=b*))) # entries with sn NOT starting with a 
                          AND NOT starting with b
sn=*abc*  -- should return any value with abc in it so *123* should return
I only pointed out the searchability of your LDAP records as I, like many, have overlooked that aspect and was only attempting to assist. The lack of information provided in your original post only allows one to post points and provide possible options, but they are limited by the amount of information provided.

Here is a link to some Microsoft provided LDAP information as it does provide a little information on how to structure your searches.

http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

and for even more reference material on how to search LDAP take a look at the following

http://linux.die.net/man/1/ldapsearch

http://www.centos.org/docs/5/html/CD...dapsearch.html

Last edited by War3zWad|0; 12-14-2011 at 05:14 AM. Reason: spelling
 
Old 12-14-2011, 10:17 PM   #5
prasanthhs
Thanks. However, my requirement is very simple.

The input string is dynamic.

Let's say 123 is the input string and the DB has 10203, 19293, 1-2-3, 123. Then the search should return only 1-2-3 and 123.

The only thing which is fixed here is that the input will always be numbers and the DB will also contain numbers only.

I tried using approx (id ~= 123) but it returns all 4 entries in the DB. Maybe I need to add an extra filter to it with & to filter it down further. Any ideas?

Last edited by prasanthhs; 12-14-2011 at 10:19 PM.
 
Old 12-15-2011, 03:20 AM   #6
War3zWad|0
There might be a slight communication error going on. When you say DB, are you referring to your LDAP records, or are you referring to a MySQL database? Typically DB is used for MySQL, and records or LDIF is the file structure for LDAP. The reason I ask this is that, to be able to narrow down your search, you would need to identify the field that you are trying to search.

For LDAP, if you are trying to find, say, an address then you would use something like so:

ldapsearch -LLL -s one -b "c=US" "(o=University*)" o streetAddress

If my LDAP structure was c=us,dc=warezwaldo,dc=us and under the countries I had the following Organizations: College, University, Community College, Tech Schools, and under each of these were states, and under the states were cities. The above search would then search all of the records under the US node for any entry with University at the start of its name.

So your wish to run a search for 123, as simple as it sounds, needs more explanation as to what you are trying to search for within the LDAP records. Whether you are creating an app for users to input the search criteria or you are trying to write a CLI script to automate tasks, if you search for sn=123 you will only get the results that match your search. If you are trying to get a range then you could use something like sn=sn*; this would give you results for anything in the sn group that starts with sn.

Now if the misunderstanding is that you are attempting to search a MySQL database then you could try something like this: select * from users where id = '123'; this will only return the results for the one entry with id of 123. If you are not sure what you are looking for then you would use something like so: select * from users where id like '%123'
 
Old 12-15-2011, 05:58 AM   #7
prasanthhs
Sorry. What I meant to say was LDAP BDB, not MySQL.

The structure of records in LDAP is Name and Number. There is only one Organization. It's basically an app for a user to get a name based on the number inputted (kind of like a mobile phonebook).

Let's consider the following simple structure of LDAP records.

Name/Number
a/123
b/1-2-3
c/19293

Now if I enter an input from the app as 123, then I should be able to get the names "a,b".

If my search filter is, as you say, (o=*123*), then it fetches only "a". It ignores "b" even though it's valid as well.
If my search filter is (o ~= 123) then it fetches a,b,c. However, c is nowhere close to what is required.

As far as I saw on the web, there doesn't seem to be a direct search filter for getting this kind of search result.

 
Old 12-15-2011, 02:51 PM   #8
War3zWad|0
ok, that makes much more sense.

Yeah, there is no direct way to do what you want without using multiple filters. You could structure a for loop to run through the LDAP returned values and do a string compare on the 2 values. This would allow you to structure your output as you are wanting.


sorry if that doesn't help
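
The approach suggested in post #8, as an added example that is not part of the original thread: request a broad candidate set from the server, then compare digit-only forms on the client. The attribute name "o" and the numbers follow post #7; the DNs, the sample result list and the function names are constructed for illustration.

```python
import re

# Constructed sample: what a server would return for the broad filter below,
# in the (dn, {attr: [values]}) shape. DNs are hypothetical; the attribute
# name "o" and the numbers follow the thread.
SAMPLE_RESULTS = [
    ("cn=a,dc=example,dc=com", {"o": ["123"]}),
    ("cn=b,dc=example,dc=com", {"o": ["1-2-3"]}),
    ("cn=c,dc=example,dc=com", {"o": ["19293"]}),
    ("cn=d,dc=example,dc=com", {"o": ["10203"]}),
]


def candidate_filter(attr, user_input):
    """Build the broad server-side filter, e.g. 123 -> (o=*1*2*3*).

    Accepting only ASCII digits keeps filter metacharacters such as
    '*', '(' and ')' from user input out of the filter string.
    """
    if not re.fullmatch(r"[0-9]+", user_input):
        raise ValueError("search input must consist of digits 0-9 only")
    return "(%s=*%s*)" % (attr, "*".join(user_input))


def digits_only(value):
    """Drop separators such as '-' or '#': keep only the digits."""
    return re.sub(r"[^0-9]", "", value)


def exact_matches(results, attr, user_input):
    """Client-side pass: keep entries whose stored value, with separators
    removed, equals the input. This drops 19293 and 10203 for input 123."""
    return [dn for dn, attrs in results
            if any(digits_only(v) == user_input for v in attrs.get(attr, []))]


if __name__ == "__main__":
    print(candidate_filter("o", "123"))
    print(exact_matches(SAMPLE_RESULTS, "o", "123"))
```
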
 
Old 12-16-2011, 04:08 AM   #9
prasanthhs
Thanks. Let me check!

 
  


Tags
ldap, ldapsearch, openldap

