Michael,

Thanks for the help!!
When I used the filter memberOf:dn:dnSubordinateMatch:=cn=system1,ou=groups 
it works!!!

Thanks a lot,

Alessandro Lasmar Mourão


-----Original Message-----
From: Michael Ströder [mailto:[email protected]] 
Sent: Wednesday, January 28, 2015 18:13
To: Alessandro Lasmar Mourao; [email protected]
Subject: Re: Search with wildcard

Alessandro Lasmar Mourao wrote:
> I have the following structure in my OpenLDAP:
> 
> ou = groups
> |_cn = system1
> | |_cn = Group1
> | |_cn = Group2
> |_cn = system2
>   |_cn = Group1
>   |_cn = Group2
> 
> I need to perform a search and return only users who are registered on 
> system1, regardless of the registered group.
> When I use the search with the filter: memberOf=cn=*,cn=system1,ou=groups 
> nothing is returned.
> How do I perform this search in OpenLDAP?

Attribute 'memberOf' is of LDAP syntax DistinguishedName. Therefore the SUBSTR
matching rule for DirectoryString syntax does not apply.

You could use this filter:

  (memberOf:dnSubordinateMatch:=cn=system1,ou=groups)

Not exactly the same since it does not assert the group entry RDN being 'cn'
but it matches your textual description.

> In Oracle SJDS the search works!

Is Oracle SJDS yet another LDAP server product name for the former Sun product
or Oracle's OID?

If the search with memberOf=cn=*,cn=system1,ou=groups works there they do not
implement proper DN syntax checking and matching rules and simply apply e.g.
the DirectoryString SUBSTR matching rule or whatever. That's convenient for
lazy programmers but is not compliant with RFC 4517. A typical behaviour of
Sun's DSSE up to 6.x.

Ciao, Michael.
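
The difference between DN-aware matching and string wildcard matching discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code. The users, their memberOf values and all function names are constructed for illustration; DN parsing is simplified, and dnSubordinateMatch is assumed to match only DNs strictly below the asserted DN.

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (type, value) RDNs, leftmost first.
    Simplified model: single-valued RDNs, '\\,' is an escaped comma."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dn_subordinate_match(value, asserted):
    """True if `value` lies below `asserted` (assumed: strictly below)."""
    v, a = parse_dn(value), parse_dn(asserted)
    return len(v) > len(a) and v[-len(a):] == a

def cn_child_match(value, asserted):
    """Stricter: exactly one level below `asserted`, with RDN type 'cn'."""
    v, a = parse_dn(value), parse_dn(asserted)
    return len(v) == len(a) + 1 and v[1:] == a and v[0][0] == "cn"

def string_wildcard_match(value, pattern):
    """Non-DN-aware matching: '*' wildcard over the raw string."""
    regex = ".*".join(re.escape(p) for p in pattern.lower().split("*"))
    return re.fullmatch(regex, value.lower()) is not None

# Constructed sample data: user -> memberOf values.
USERS = {
    "alice": ["cn=Group1,cn=system1,ou=groups"],
    "bob":   ["cn=Group2,cn=system2,ou=groups"],
    "carol": ["CN=Group2, CN=system1, OU=groups"],  # same DN, other spelling
    "dave":  ["ou=legacy,cn=system1,ou=groups"],    # below system1, RDN not cn
    "erin":  [r"cn=ops\,cn=system1,ou=groups"],     # one RDN, directly under ou=groups
}

def users_matching(match, assertion):
    """Sorted users with at least one memberOf value accepted by `match`."""
    return sorted(u for u, dns in USERS.items()
                  if any(match(dn, assertion) for dn in dns))

if __name__ == "__main__":
    base = "cn=system1,ou=groups"
    print(users_matching(dn_subordinate_match, base))
    print(users_matching(cn_child_match, base))
    print(users_matching(string_wildcard_match, "cn=*," + base))
```

When a filter like this gates access to an application, the string variant both misses a valid member (carol) and accepts a group that is not under system1 at all (erin), which is why the DN matching rule is the one to rely on.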