Hi Peter, On 22 April 2012 15:10, Peter Marschall <pe...@adpm.de> wrote:
> Hi, > > On Sunday, 22. April 2012, Alexei Znamensky wrote: > > it looks like a problem to me, but I might be wrong. It seems > > that Net::LDAP::FilterMatch doesn't cope with filters of the type: > > > > (dn=*) > > (dn=cn=joe doe,ou=somewhere) > > DN is not an attribute, it is the object's name. > These filters are illegal. > In that case, why does Net::LDAP::Filter constructor accepts such filters as argument? Shouldn't it moan that this is illegal? It builds an object out of that filter. If that is not a legal filter, a Filter object should not be created out of it. > LDAP RFCs do not define filters with DN on the left hand side. > Is there a good reason for that? > > but it does work neatly if I write them like this: > > > > (distinguishedName=*) > > (distinguishedName=cn=joe doe,ou=somewhere) > > distinguishedName is a legal LDAP attribute. > These are legal filters. > > > [...] > > Am I missing something here? > > The filters using DN would fail on a standard LDAP server too. > Net::LDAP::FilterMatch behaves correctly. > I was afraid that would be the case. I personally can see no reason why we should not be able to perform searches based on the object name. It seems silly that I can search by anything else but the very name of the object. > > Best > PEter > > -- > Peter Marschall > pe...@adpm.de > -- Alexei "RUSSOZ" Znamensky | russoz EM gmail com | http://russoz.org GPG fingerprint = 42AB E78C B83A AE31 7D27 1CF3 C66F B5C7 71CA 9F3C http://www.flickr.com/photos/alexeiz | http://github.com/russoz "I don't know... fly casual!" -- Han Solo
