LDAPSearch with specific filter question

By: yoom nguyen user 26 Sep 2016 at 11:51 a.m. CDT

7 Responses
yoom nguyen gravatar
Is there a way to get the same result as shown below if the ldapsearch doesn't contain the * at the beginning and at the ending of a sub-string? I do not get anything results if I use these options: ``` "oxTrustEmail=sati3@galco.com" or "oxTrustEmail=sati3@galco.com*" or "oxTrustEmail=*sati3@galco.com" ``` But if I use this "oxTrustEmail=*sati3@galco.com*" I will get back the results below. ``` ./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -w password -b "o=gluu" "oxTrustEmail=*sati3@galco.com*" dn: inum=@!C032.849B.2FA5.5E8C!0001!BCB6.4A42!0000!9509.41CE,ou=people,o=@!xx2. 84xx.2xxx5.xxxxxxx.xxxxx,o=gluu oxTrustAddresses: [{"type":"Work","streetAddress":"8403 maio street","locality": "farmington","region":"MI","postalCode":"48336","country":"USA","formatted":"84 03 maio street farmington 48336 MI USA","primary":"true"}] gluuStatus: active uid: sati3@galco.com userPassword: {xxxxxxxxxxxxxxxxxxxxaA== sType: test1,test2,test3,test4 oxTrustEmail: [{"value":"sati@galco.com","type":"Work","primary":"True"}] preferredLanguage: US_en contNo: 1 givenName: manepalli3 objectClass: gluuPerson objectClass: ox-C032849B2FA55xxxxxxxxxx2 objectClass: top cn: manepalli3 hari3 sn: hari3 oxLastLogonTime: 20160913143330.851Z iname: null*person*sati3@galco.com displayName: manepalli3-hari3 oxTrustPhoneValue: [{"value":"2489828403","type":"Work"}] inum: @!xxxxx.2xxx.5xxxxxxxxxxxxxxxxxxxxxxxxxxxxx9.41CE ``` Any ideas how to form a correct filter? Thanks, Yoom
Gluu Other CentOS65
closed

Answers

By Aliaksandr Samuseu staff 26 Sep 2016 at 12:09 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Yoom. As `oxTrustEmail` contains a json object, which is a string from the LDAP server's point of view, it's not surprising you can't get a response for those 3 filters. Only the last one, which asks for a sub-string in the middle of some value is expected to work. Regarding how to tackle it (I assume this json format is needed by some of your workflows, so you can't change it to simply contain email of the user) - if you are using CR to pull in your user entries from some backend, you could use another attribute to store just user's email address. You could populate this attribute through CR's mappings, or CR custom script. Best regards, Alex.

By Aliaksandr Samuseu staff 26 Sep 2016 at 12:14 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
..Another approach could be using filter like this: `(&(objectclass=gluuPerson)(oxTrustEmail=*))` which will return all entries that has this attribute populated, and then to process those entries in your script, filtering out only ones you need. Though it may be not very efficient.

By yoom nguyen user 26 Sep 2016 at 12:45 p.m. CDT

Copy
yoom nguyen gravatar
Aliaksandr, This sysntax does not, any idea what I am missing? ./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -w password -b "o=gluu" "(&(objectclass=gluuPerson)(oxTrustEmail=*))" Thanks, Yoom

By yoom nguyen user 26 Sep 2016 at 1:11 p.m. CDT

Copy
yoom nguyen gravatar
Aliaksandr, What is CR ? Also, it is in json format and it is in LDAP table. It seems one might able to query using ldapsearch? by specificity provide a json format type and value, right? This is the format and there is only one VALUE in this json string: oxTrustEmail: [{"value":"sati@galco.com","type":"Work","primary":"True"}] Can you think a clever way to get the specific result?? Something like embedded jason value or some sort in the attribute... I have tried different option but have not get it to work yet. Could you guys think of any way? ./ldapsearch -h localhost -p 1389 -D "cn=directory manager" -w password -b "o=gluu" "oxTrustEmail=value:=sati3@galco.com" Thanks, Yoom

By Aliaksandr Samuseu staff 26 Sep 2016 at 1:13 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Filter seems to be correct. Try to add `-s sub` to your request, mb? Also, I'm sure that SSL-less connector at port 1389 isn't enabled by default in current Gluu CE packages (which is 2.4.4). If you are using some old instance by any chance, please try to upgrade it if possible.

By Aliaksandr Samuseu staff 26 Sep 2016 at 1:22 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
> What is CR ? It's Cache Refresh which is used to import user entries from your backend LDAP. Please check [here](https://www.gluu.org/docs/oxtrust/configuration/#cache-refresh) for details. > Also, it is in json format and it is in LDAP table. It seems one might able to query using ldapsearch? LDAP doesn't "understand" json as an attribute type, at least OpenDJ doesn't. To it it's just a string. So it will do searches for it using simple string comparison.

By Aliaksandr Samuseu staff 28 Sep 2016 at 3:23 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Yoom. Do you think we need to keep this ticket open?

Post an answer