View Full Version : ldapTemplate.search returns DNs with an single space between RDNs
Sep 1st, 2007, 12:58 PM
ldapTemplate.search returns DNs with an single space between RDNs. If we then use the returned string(s) to perform a search, for example in memberUids where DNs are stored without any spaces between RDNs the searches are failing.
Is there a particular reason that the strings are formatted with spaces?
Sep 2nd, 2007, 01:50 AM
The reason would be readability I guess. I personally think that a Distinguished Name formatted this way is easier to read than without the spaces. We had to decide on some format (note that the memberUid could equally likely be formatted with/without spaces in any other server instance)
The thing is that the actual layout of a distinguished name should be insignificant, e.g. when performing a search; the server should ideally ignore irrelevant whitespace when matching. Unfortunately this is not always the case, depending on server implementations.
Nevertheless, it might be a good idea to provide some method in the DistinguishedName class to enable alternative formatting. Post a jira issue here (http://opensource.atlassian.com/projects/spring/browse/LDAP) if you have suggestions.
Sep 4th, 2007, 02:37 AM
Thanks for the insight Mattias.
The problem with the formatting comes into play when doing an equality search filter in a memberUid field containing DNs. How can we instruct the server to perform a search that ignores the whitespaces? I believe it has to do with schema's matching rules. posixGroup field memberUid is a IA5 String and the matching rule is caseExactIA5Match and not distinguishedNameMatch which I suppose would achieve what we are saying in your comment.
I suppose our customer's usage of the posixGroup schema is not very conventional but we have to live with it and we are searching for a way to work around this.
Sep 4th, 2007, 05:10 AM
I haven't actually thought about this myself before, but you're supposed to be able to specify the matching rule to use in the search, as described in the Search filter rfc (http://www.rfc-editor.org/rfc/rfc2254.txt). As described in the Syntaxes and Matching Rules RFC (http://tools.ietf.org/html/rfc4517), the OID for distinguishedNameMatch seems to be 220.127.116.11, which leads me to believe that you should be able to force the server to match with distinguished name syntax using the following filter:
(memberUid:18.104.22.168:=dn of entry to match on)
Please let me know if this works out - if it does we should definitely add some additional functionality in our filter utilities to help working with matching rules.
Sep 4th, 2007, 11:09 AM
I've tried this filter (note the added spaces on the uid)
(memberUid:distinguishedNameMatch:=uid=andreas, ou=sysadm, ou=users, ou=Forthnet, dc=staff, dc=forthnet)
but the query returns no result. If I remove the spaces I get the expected members.
As a test, I've used another matching rule and the override is working (only using the OBJECT IDENTIFIER, neither Syntax OID or Numeric OID works at least with OpenLDAP that I'm using)
I'll have another round of tests and I'll get back to you.
Powered by vBulletin® Version 4.2.1 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.