> Hello, > > I have a question regarding the construction of search filter > (assuming that what I think is possible in LDAP). > > For a tree shown like below: > > o dc=com > | > o dc=xyz > / | | \ > ou=machines o . . . . . o ou=people > / | \ > uid=abby o . . o ou=xie <- OC1 > / > ou=options o <- OC2 > / > ou=theme1 o <- OC3 > > OC1 != OC2 != OC3 (objectclasses with different set of attributes) > > Assume that at uid=<name> rdn, the objectclass (OC1) has an attribute > called accessFlag. Based on this accessFlag attribute value, is it > possible to construct a search filter that will give us the attributes > of the objectclass (OC3) with rdn ou=<theme name>? > > That is, I want to get the theme values of all users whose accessFlag > is set to some value.
In short, this is not possible. As a more articulate response, I'd note this type of behavior is occasionally needed, and should be implemented at the application level. For this purpose, I have drafted in the past a formal specification of a search control that allows to specify the parameters of a subsearch to be applied to all entries returned by the primary search. This specification was never submitted for many reasons and unfortunately it was never implemented. I might try to dig out what I wrote, in case someone finds it interesting and worth reviving and implementing. p.
