Hi Tony, thanks for the response.
I agree it could but three things seem to preclude
that.
1. I am looking at the final resultant filter so it should
already be expanded if it was going to be. If you do a stats control with an
objectcategory=person filter you will note that it gets expanded.
2. I can't visualize how they could easily do that
expansion except in cases where the legacyExchangeDN was always constant except
for the last piece of it.
3. Separate queries with that filter by itself never give
me anything.
Here's hoping ~Eric or Dean trods on along and says, well
of course you silly goose, you forgot about <insert explanation that requires
me to read it 4 times to understand how dumb I was>... It is much quicker and
easier for me to adjust my understanding of how things work than to get a bug
accepted as a bug and then corrected. :o)
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Friday, August 27, 2004 11:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Question on ANR... Possible Issue?
Joe
Here's a thought.
The legacyExchangeDN could behave a little like
objectCategory in LDAP filters. The syntax for objectCategory is DN, but
in a search filter you only specify part of the attribute,
e.g.
(&(objectCategory=Person)(cn=*))
But if you look at an object in LDP you will see
objectCategory shown with the full DN:
CN=Person,CN=Schema,CN=Configuration,DC=root,DC=dom;
Tony
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, 27 August 2004 15:34
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Question on ANR... Possible Issue?
Hi everyone, sorry for my recent absence, been tied up with some other things and
most of the posts here I like to really take my time on as there seems to
usually be more there in the question than you initially see. I expect to be
back into the flow in a week or so here hopefully, at least a little.
Anyway, I got pinged in email on how to
search several fields in AD at once, basically a full text search. Well
this isn't really possible without creating a huge filter [1] but there is
a sort of so so way to do it by using an ANR search. And the MS OS people
(Specifically AD Dev) to help the MS Application (Specifically Exchange
Dev) supposedly made the ANR search fairly efficient so that is good as
well.
Anyway, I wanted to verify what was being searched with
an ANR so I put in the filter and told it to pop the stats thereby giving me the
resultant filter used. The actual filter I typed was
anr=sometext
The resultant filter was
Filter Breakdown:
(|
(displayName=sometext*)
(mail=sometext*)
(givenName=sometext*)
(legacyExchangeDN=sometext)
(msDS-AdditionalSamAccountName=sometext*)
(mailNickname=sometext*)
(physicalDeliveryOfficeName=sometext*)
(proxyAddresses=sometext*)
(name=sometext*)
(sAMAccountName=sometext*)
(sn=sometext*)
)
Does anyone see a problem there? The problem I see is in the
use of legacyExchangeDN - (legacyExchangeDN=sometext). That would be an odd
occurrence if that found something. I wouldn't be entirely happy with my current
Exchange setup I think if it did find something. Assuming for a second that the
entire legacyExchangeDN was input into the ANR search that would mean the rest
of the search filter would suck pretty badly. Either way, this doesn't seem to
make sense. It either shouldn't be in there or it should be (legacyExchangeDN=*sometext) or possibly something
like (legacyExchangeDN=*sometext*) though that wouldn't be
efficient and could be seriously confusing for what it pulled up for people.
Does anyone think this isn't a bug and shouldn't be reported as
such?
Environment is native "from scratch" K3 Domain with
native "from scratch" E2K3 installation.
joe
[1] Or dumping the entire contents of AD obviously
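
The resultant filter from the original post, modelled as an added Python example (not part of the thread and not Active Directory's own code). It rebuilds the expansion for any term and evaluates each clause against a constructed entry, showing that the legacyExchangeDN clause only matches when the whole value is supplied. The entry, the function names and the case-insensitive comparison are assumptions.

```python
# Added illustration: clause list copied from the "Filter Breakdown" in the post.
# True = prefix match (value*), False = equality match (no wildcard).
ANR_CLAUSES = [
    ("displayName", True),
    ("mail", True),
    ("givenName", True),
    ("legacyExchangeDN", False),  # the clause questioned in the post
    ("msDS-AdditionalSamAccountName", True),
    ("mailNickname", True),
    ("physicalDeliveryOfficeName", True),
    ("proxyAddresses", True),
    ("name", True),
    ("sAMAccountName", True),
    ("sn", True),
]
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(text):
    """Escape LDAP filter metacharacters (RFC 4515) in user-supplied text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)

def expand_anr(term):
    """Render the resultant filter shown in the post for a given ANR term."""
    value = escape_filter_value(term)
    clauses = (f"({a}={value}{'*' if prefix else ''})" for a, prefix in ANR_CLAUSES)
    return "(|" + "".join(clauses) + ")"

def matching_clauses(entry, term):
    """Return the attributes whose clause matches a constructed entry.
    Assumption: case-insensitive comparison; values may be str or list."""
    needle = term.lower()
    hits = []
    for attr, prefix in ANR_CLAUSES:
        values = entry.get(attr, [])
        values = [values] if isinstance(values, str) else values
        for v in (v.lower() for v in values):
            if (prefix and v.startswith(needle)) or (not prefix and v == needle):
                hits.append(attr)
                break
    return hits

# Constructed sample entry, not taken from any real directory.
SAMPLE = {
    "displayName": "Jo Smith", "name": "Jo Smith", "givenName": "Jo", "sn": "Smith",
    "sAMAccountName": "jsmith", "mailNickname": "jsmith", "mail": "jsmith@example.com",
    "proxyAddresses": ["SMTP:jsmith@example.com"],
    "legacyExchangeDN": "/o=Example/ou=First Administrative Group/cn=Recipients/cn=jsmith",
}
```
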
