I'm having trouble running a complex query against our company LDAP server. I'm using the following Perl script:
我在运行针对公司LDAP服务器的复杂查询时遇到问题。我正在使用以下Perl脚本:
use Data::Dumper;
use Net::LDAP;
die "Can't connect to LDAP-Server: $@\n"
unless $ldap = Net::LDAP->new( 'xLDAPx' );
foreach my $filter ( 'ou=Personal', 'ou=BAR', 'ou=Personal,ou=BAR', 'ou=Personal,ou=FOO,o=FOO,dc=foo,dc=com' )
{
$mesg = $ldap->search( base => "o=FOO,dc=foo,dc=com", filter => $filter );
print Dumper($mesg), "\n\n";
}
While the first two filters work (as in returning the expected values) the last and complex one doesn't. It returns an empty array. What really puzzles me is that exactly the same query string works when I use it with a tool like the Softerra LDAP Browser.
虽然前两个过滤器起作用(如返回预期值),但最后一个过滤器不起作用。它返回一个空数组。让我感到困惑的是,当我使用像Softerra LDAP Browser这样的工具时,完全相同的查询字符串可以正常工作。
I have also tried the same query using PHP's ldap_search & co, no avail.
我也尝试使用PHP的ldap_search&co进行相同的查询,但没有用。
Can somebody shed some light on this?
有人可以对此有所了解吗?
Thanks for reading
谢谢阅读
holli
Edit: This is the structure of the server:
编辑:这是服务器的结构:
Server
ou=FOO
ou=...
ou=Personal
uid=something
I need a list of uids.
我需要一份uid列表。
3 个解决方案
#1
5
I think you want it to be more like (&(ou=Personal)(ou=FOO)(o=FOO)(dc=foo)(dc=com)). But you are not clear at all on what you want exactly, so I can't make a filter for you.
我想你希望它更像是(&(ou =个人)(ou = FOO)(o = FOO)(dc = foo)(dc = com))。但是你根本不清楚你想要什么,所以我不能为你做一个过滤器。
Edited to add: I'm guessing this is what you want to do: (|(ou=Personal)(ou=FOO))
编辑补充:我猜这是你想做的事:( |(ou = Personal)(ou = FOO))
#2
4
The reason is that you are not providing syntactically correct filter strings, but parts of a DN. I can't imagine this works in Ldap Browser - I just tried myself without success.
原因是您没有提供语法正确的过滤字符串,而是DN的一部分。我无法想象这在Ldap浏览器中有效 - 我只是尝试了自己没有成功。
The first two are correct filter strings. They filter on a single object attribute in a "({attribute}={value})" fashion. The first ("ou=Personal") would return any OU named "Personal" within your search base.
前两个是正确的过滤字符串。它们以“({attribute} = {value})”方式过滤单个对象属性。第一个(“ou = Personal”)将在您的搜索库中返回任何名为“Personal”的OU。
If you explain in more detail what you are trying to find I can probably tell you what filter expression you need.
如果你更详细地解释你想要找到什么,我可以告诉你你需要什么过滤器表达式。
#3
2
Write a filter that conforms to RFC 2254 and then see what happens. You don't need a complex query, you want one attribute for every entry under one branch. Look at the attrs argument for the search method.
编写符合RFC 2254的过滤器,然后看看会发生什么。您不需要复杂查询,您希望一个分支下的每个条目都有一个属性。查看搜索方法的attrs参数。
#1
5
I think you want it to be more like (&(ou=Personal)(ou=FOO)(o=FOO)(dc=foo)(dc=com)). But you are not clear at all on what you want exactly, so I can't make a filter for you.
我想你希望它更像是(&(ou =个人)(ou = FOO)(o = FOO)(dc = foo)(dc = com))。但是你根本不清楚你想要什么,所以我不能为你做一个过滤器。
Edited to add: I'm guessing this is what you want to do: (|(ou=Personal)(ou=FOO))
编辑补充:我猜这是你想做的事:( |(ou = Personal)(ou = FOO))
#2
4
The reason is that you are not providing syntactically correct filter strings, but parts of a DN. I can't imagine this works in Ldap Browser - I just tried myself without success.
原因是您没有提供语法正确的过滤字符串,而是DN的一部分。我无法想象这在Ldap浏览器中有效 - 我只是尝试了自己没有成功。
The first two are correct filter strings. They filter on a single object attribute in a "({attribute}={value})" fashion. The first ("ou=Personal") would return any OU named "Personal" within your search base.
前两个是正确的过滤字符串。它们以“({attribute} = {value})”方式过滤单个对象属性。第一个(“ou = Personal”)将在您的搜索库中返回任何名为“Personal”的OU。
If you explain in more detail what you are trying to find I can probably tell you what filter expression you need.
如果你更详细地解释你想要找到什么,我可以告诉你你需要什么过滤器表达式。
#3
2
Write a filter that conforms to RFC 2254 and then see what happens. You don't need a complex query, you want one attribute for every entry under one branch. Look at the attrs argument for the search method.
编写符合RFC 2254的过滤器,然后看看会发生什么。您不需要复杂查询,您希望一个分支下的每个条目都有一个属性。查看搜索方法的attrs参数。