Anita Luca wrote:
Thanks for the answer Reinaldo,
Sorry, maybe I wasn't explicit enough.
I have, say, 3 user objects, with names User1, User2 and User3.
Under AD, a user browse filter for this would be:
(&(|(objectClass=user)(objectClass=organizationalUnit))(cn=*User*))
that would search for
(objectClass=user OR objectClass=organizationalUnit) AND (cn contains "User")
But the AD object has the property objectClass and cn, and I know that values for objectClass can
be "user" or "organizationalUnit" in my case.
I don't know the structure of an object in OpenLDAP, to know what property
would replace e.g. objectClass and cn, and what values they might have.

objectClass is part of the core LDAP (and X.500) specification, every
directory entry must contain it. cn is part of the core schema as well,
although Microsoft has perverted its definition in their implementation.
Your example is strange since generally users are not organizationalUnits.

This might be a very simple thing, my problem is that I don't have access to an
OpenLDAP environment, which makes it more difficult. With an LDAP browser I
could just look at the objects, see the properties and values, and figure out
what would work as filter. But without access to the environment, I don't even
know what an object looks like, and what properties it has.
I was hoping maybe there was a list somewhere, similar to this one for Active
Directory, where I could just see the properties that exist:
http://www.dotnetactivedirectory.com/Understanding_LDAP_Active_Directory_User_Object_Properties.html

Read RFC4512 and RFC4519 to see the core LDAP schema definitions. You don't
need a running OpenLDAP installation, you just need to read the LDAP
specifications.
Of course, it's not like there's anything preventing you from downloading
OpenLDAP and seeing what's in it for yourself.

Thanks,
Anita
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Reinaldo de Carvalho
Sent: 20 May 2011 17:43
To: [email protected]
Subject: Re: OpenLDAP search filters
On Thu, May 19, 2011 at 8:08 AM, Anita Luca<[email protected]> wrote:
Hello all,
I need to replace the standard AD filters with OpenLDAP filters.
Basically, I assume that what changes is the value of the property (e.g.
objectType=user might become objectType=person or any other value, not
sure what OpenLDAP works with).
How to create a "filter" if we don't know the "entries"?
--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net
"While not fully understand a software, don't try to adapt this software to the way
you work, but rather yourself to the way the software works" (myself)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
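
The browse filter discussed in this thread, evaluated offline against constructed entries that use RFC 4519 object classes (an added example, not code from any poster or from OpenLDAP). The entries, the replacement of AD's "user" class with "person", and all function names are assumptions; the OU entry carries ou and no cn, so the cn clause never selects it, and the search term is escaped per RFC 4515 before it is placed in the filter.

```python
import re

# Constructed sample entries using RFC 4519 object classes; not from a real directory.
ENTRIES = {
    "cn=User1,dc=example,dc=com": {"objectClass": ["person"], "cn": ["User1"], "sn": ["One"]},
    "cn=User2,dc=example,dc=com": {"objectClass": ["person"], "cn": ["User2"], "sn": ["Two"]},
    "cn=Admin,dc=example,dc=com": {"objectClass": ["person"], "cn": ["Admin"], "sn": ["Root"]},
    # organizationalUnit is named by ou and does not allow cn in RFC 4519.
    "ou=Users,dc=example,dc=com": {"objectClass": ["organizationalUnit"], "ou": ["Users"]},
}

def escape_value(text):
    """Escape a literal per RFC 4515 so it cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)  # literal parentheses in values are escaped as \28 and \29
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, attrs):
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    values = next((v for k, v in attrs.items() if k.lower() == node[1].lower()), [])
    # '*' splits the assertion into substrings; cn and objectClass match case-insensitively.
    pattern = ".*".join(re.escape(unescape(p)) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in values)

def search(filter_text):
    node, _ = parse(filter_text)
    return sorted(dn for dn, attrs in ENTRIES.items() if matches(node, attrs))

def browse_filter(term):
    # Assumption: AD's "user" class is replaced by the standard "person" class.
    return "(&(|(objectClass=person)(objectClass=organizationalUnit))(cn=*%s*))" % escape_value(term)
```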