Ldapsearch Revisited: Search Filter




The output of our previous search was not particularly sophisticated, nor was the query we made to our directory. Had we been searching a directory with millions of entries (like a phone book), we would have produced a simple dump of all entries.

Let us concentrate first on refining the output. You can easily specify relevant fields for an ldapsearch, such as the full name (common name called "cn" and surname called "sn") and the e-mail address (called "mail"), for example. Exhibit 14 shows how this is done.

start figure

 ldapsearch -b "LdapAbc.org" "(objectclass=person)" cn mail
 # extended LDIF
 #
 # LDAPv3
 # filter: (objectclass=person)
 # requesting: cn mail
 #

 # RVoglmaier, IT, LdapAbc.org
 dn: uid=RVoglmaier, ou=IT, o=LdapAbc.org
 cn: Reinhard E. Voglmaier
 cn: Reinhard Erich Voglmaier
 cn: Reinhard Voglmaier
 givenname: Reinhard Erich
 mail: RVoglmaier@LdapAbc.org

 # TKlein, Mkt, LdapAbc.org
 dn: uid=TKlein, ou=Mkt, o=LdapAbc.org
 cn: Thomas Klein

 # PSmith, Mkt, LdapAbc.org
 dn: uid=PSmith, ou=Mkt, o=LdapAbc.org
 cn: Peter Smith
 mail: PeterSmith@LdapAbc.org

 # SParker, HR, LdapAbc.org
 dn: uid=SParker, ou=HR, o=LdapAbc.org
 cn: Sarah Parker
 mail: SarahParker@LdapAbc.org

 # search result
 search: 2
 result: 0 Success

 # numResponses: 5
 # numEntries: 4

end figure

Exhibit 14: Limited Output with ldapsearch

Remember that we had some entries with more than one value for the attribute "common name." Suppose we want to pull the data for someone and we only know the surname. The query string in LDAP parlance is called "filter." Here, the filter is rather simple: We wish to get all persons whose name is "Parker." The filter would therefore simply be:

 sn=Parker 

Look at Exhibit 15 to get the correct syntax. An exact description of this syntax is found in Chapter 5, where we will not only look at the command-line tools, but also at other, more-sophisticated APIs, such as Perl or Java.

start figure

 ldapsearch -b "LdapAbc.org" "(sn=Parker)"
 # extended LDIF
 #
 # LDAPv3
 #
 # filter: (sn=Parker)
 # requesting: ALL
 #

 # JParker, Human Resources, LdapAbc.org
 dn: uid=JParker, ou=Human Resources, o=LdapAbc.org
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: James Parker
 sn: Parker
 givenName: James
 ou: Human Resources
 uid: JParker
 mail: JParker@LdapAbc.org

 # TParker, Research, LdapAbc.org
 dn: uid=JParker, ou=Human Resources, o=LdapAbc.org
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: Tina Parker
 sn: Parker
 givenName: Tina
 ou: Human Resources
 uid: TParker
 mail: TParker@LdapAbc.org

 # search result
 search: 2
 result: 0 Success

 # numResponses: 3
 # numEntries: 2

end figure

Exhibit 15: A Simple Query Filter

The query produced two entries with the sn Parker. To further refine the query, we could search for all people named Parker and working in the Research department. The additional condition is:

 (ou=Research) 

However, the two filters have to be joined by a logical AND operator. LDAP uses a particular notation known as Polish notation, or prefix notation, where the two operands to be connected are prefixed by the operator. [1] The AND condition reads:

 (& (sn=Parker) (ou=Research)) 

Exhibit 16 shows the result.

start figure

 ldapsearch -b "LdapAbc.org" "(&(sn=Parker)(ou=Research))"
 # extended LDIF
 #
 # LDAPv3
 # filter: (&(sn=Parker)(ou=Research))
 # requesting: ALL
 #

 # TParker, Research, LdapAbc.org
 dn: uid=JParker, ou=Human Resources, o=LdapAbc.org
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: Tina Parker
 sn: Parker
 givenName: Tina
 ou: Human Resources
 uid: TParker
 mail: TParker@LdapAbc.org

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1

end figure

Exhibit 16: A Somewhat More Complicated Query

The attribute values can also contain white spaces as well as special characters. However, a number of special characters that have a specific meaning for the LDAP protocol cannot be used directly as attribute values. They have to be encoded. Chapter 4 provides more information on this topic. LDAP also recognizes other logical operators such as OR and NOT. For example, you could search for a person named Parker working in the IT department or in Marketing. The filter would look like this:

 (& (sn=Parker) (| (ou=Information Technologies)(ou=Marketing))) 

If you were searching for Parker but NOT in the Human Resources department, the filter would be as follows:

 (& (sn=Parker) (!(ou=Human Resources))) 

The example search in Exhibit 17 simply shows all entries having a certain attribute, in this case a mobile phone number.

start figure

 ldapsearch -b "LdapAbc.org" "(mobile=*)"
 # extended LDIF
 #
 # LDAPv3
 #
 # filter: (mobile=*)
 # requesting: ALL
 #

 # RVoglmaier, IT, LdapAbc.org
 dn: uid=RVoglmaier, ou=IT, o=LdapAbc.org
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 cn: Reinhard E. Voglmaier
 cn: Reinhard Erich Voglmaier
 cn: Reinhard Voglmaier
 givenname: Reinhard Erich
 sn: Voglmaier
 ou: IT
 uid: RVoglmaier
 mail: RVoglmaier@LdapAbc.org
 mobile: +49 170 36273 3747 3747

 # search result
 search: 2
 result: 0 Success

 # numResponses: 2
 # numEntries: 1

end figure

Exhibit 17: Search with Query Filter

The final example of a query filter is presented in Exhibit 18, which illustrates the use of wildcards in a filter. In this case, the ldapsearch tool is instructed to print only the common name, the surname, and the e-mail address. The ldapsearch tool suppresses any additional information, printing only the explicitly requested information. Here we search for all entries with sn beginning with "Vogl," so it finds sn = Vogl and sn = Voglmaier.

start figure

 ldapsearch -LLL -b "LdapAbc.org" "(sn=Vogl*)" cn sn mail
 dn: uid=RVoglmaier, ou=IT, o=LdapAbc.org
 cn: Reinhard E. Voglmaier
 cn: Reinhard Erich Voglmaier
 cn: Reinhard Voglmaier
 givenname: Reinhard Erich
 sn: Voglmaier
 mail: RVoglmaier@LdapAbc.org

 dn: uid=KVogl, ou=Research, o=LdapAbc.org
 cn: Kurt Vogl
 sn: Vogl
 mail: KVogl@LdapAbc.org

end figure

Exhibit 18: A More Complete Example of Search
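
The following Python sketch is an added example, not code from the book: it evaluates the prefix-notation filters shown in this section against a few constructed entries, and it encodes special characters in a value before the value is placed in a filter. The entries, the function names and the simplified case-sensitive matching are assumptions of the example; the hex encoding follows RFC 4515 and goes beyond the text, which defers that topic to Chapter 4.

```python
import re

ENTRIES = [  # constructed sample entries modelled on the exhibits
    {"uid": ["JParker"], "sn": ["Parker"], "ou": ["Human Resources"]},
    {"uid": ["TParker"], "sn": ["Parker"], "ou": ["Research"]},
    {"uid": ["KVogl"], "sn": ["Vogl"], "ou": ["Research"]},
    {"uid": ["RVoglmaier"], "sn": ["Voglmaier"], "ou": ["IT"], "mobile": ["+49 170 0000000"]},
    {"uid": ["ALee"], "sn": ["Lee"], "ou": ["Research (EU)"]},
]

def escape_value(value):
    """Encode the characters that are special inside a filter (RFC 4515) as \\XX."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def parse(f, i=0):  # returns (tree, index just past the parsed filter)
    if f[i] != "(":
        raise ValueError("expected '(' at position %d" % i)
    i += 1
    if f[i] in "&|!":                      # prefix operator, then its operands
        op, operands, i = f[i], [], i + 1
        while f[i] != ")":
            if f[i] == " ":                # the page writes spaces between operands
                i += 1
                continue
            node, i = parse(f, i)
            operands.append(node)
        return (op, operands), i + 1
    end = f.index(")", i)                  # simple item: attr=value
    attr, _, value = f[i:end].partition("=")
    return ("=", attr, value), end + 1

def matches(tree, entry):
    if tree[0] in "&|":
        results = [matches(t, entry) for t in tree[1]]
        return all(results) if tree[0] == "&" else any(results)
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree  # a raw * is a wildcard; an encoded \2a stays literal
    pattern = ".*".join(re.escape(unescape(part)) for part in value.split("*"))
    return any(re.fullmatch(pattern, v) for v in entry.get(attr, []))

def search(filter_text):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["uid"][0] for e in ENTRIES if matches(tree, e)]
```

A value taken from outside the program, such as "Research (EU)" or "Vogl*", should pass through escape_value before it is concatenated into a filter; otherwise its parentheses break the filter structure and its asterisk acts as a wildcard.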

That will be the last example of a filter application for now. Nevertheless, you will see the filter again in Chapter 3, when we speak about the theory of LDAP, and again in Chapter 6, which covers the other LDAP APIs.

As you have seen, the filter mechanism is robust and LDAP can execute powerful queries using Polish notation. LDAP, however, does not offer joins between different objects as does a relational database management system (RDBMS). Having seen the examples presented in this section, you should play with the command-line language to become more familiar with the directory server. Again, the syntax of the ldapsearch utility could be slightly different on your server implementation. However, the logic should be the same. Refer to the documentation delivered with the product you are using.

[1] The Polish notation was published by the Polish philosopher and mathematician Jan Łukasiewicz (1878–1956). Reverse Polish notation (RPN), which postfixes the operands with the operator, was used in the first Hewlett-Packard electronic calculators.






The ABCs of LDAP: How to Install, Run, and Administer LDAP Services
ISBN: 0849313465
EAN: 2147483647
Year: 2003
Pages: 149
