On Thu, Jan 26, 2017 at 6:43 AM, Nikos Gkotsis <oks...@gm...> wrote:
> Hello,
>
> While using your ldap-sdk, a question came up.
>
> I am thinking of making one ldap entry (one DN) with several attributes,
> key value pair of strings.
> My question is the following:
>
> Is there a way to get attributes using a wildcard, e.g. all attributes whose
> name starts with a?
> I tried using the following, but this attributes parameter does not work as
> I would like it to when I passed it as "a*".
> Filter is just a trivial one that leads me to my one and only entry.
>
> SearchRequest searchRequest = new SearchRequest("uid=aaa", SearchScope.SUB, filter, "a*");
>
>
>
You can’t use a wildcard in exactly the way that you’re trying to use it.
There is no way to request just attribute names that start with “a”.
However, LDAP does support a few different kinds of wildcards for
requesting attributes. They are:

- If you want to request all user attributes (that is, all attributes that
are intended for regular applications to interact with) you can request
“*”. All directory servers that I’m aware of support this feature.
- If you want to request all operational attributes (that is, attributes
that are used internally by the server for maintaining per-entry state or
configuration, for example, when the user last changed their password, the
number of failed authentication attempts since the last successful login,
etc.). This is a standard feature of LDAP, and most directory servers
support it, but last time I checked, Oracle DSEE did not, and there may be
others that don’t.
- If you want to request all attributes that are associated with a
particular object class, you can precede the name of that object class with
the at sign (for example, “@inetOrgPerson” will request all attributes
associated with the inetOrgPerson object class). This capability is
described in RFC 4529, and there may not be that many servers that support
it. However, if a server does support it, then its root DSE should list
“1.3.6.1.4.1.4203.1.5.2” as one of the values of the supportedFeatures
operational attribute.

You can combine these if you want (for example, if you request both “*” and
“+”, then that should return all user attributes and all operational
attributes that you’re allowed to see). But in your case, you probably
just want to use “*”, since you shouldn’t mess with operational attributes
unless you know what you’re doing. And then when the server returns the
entry, you can simply iterate across the attributes and only look at the
ones with names that start with “a”.

Neil

> Thanks
> Nikos
> --
> https://www.mixcloud.com/attuhs/
>
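
An added example (not part of the original thread, and not code from the SDK's authors) of the approach in the reply above: request “*” and pick out the matching attribute names on the client. The base DN, entry and attribute names are constructed sample data loaded into the SDK's in-memory server, and the class and method names are hypothetical.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.*;
import java.util.*;

public class PrefixAttributeSearch {
  // Returns the attributes of the single matching entry whose base name
  // (the name without options such as ";lang-en") starts with the prefix.
  static List<Attribute> attributesWithPrefix(LDAPInterface conn, String baseDN,
      Filter filter, String prefix) throws LDAPException {
    // "*" requests all user attributes; "+" (operational) is deliberately not requested.
    SearchRequest request = new SearchRequest(baseDN, SearchScope.SUB, filter,
        SearchRequest.ALL_USER_ATTRIBUTES);
    SearchResultEntry entry = conn.searchForEntry(request);
    List<Attribute> matches = new ArrayList<>();
    if (entry == null) return matches;
    String wanted = prefix.toLowerCase(Locale.ROOT);
    for (Attribute a : entry.getAttributes()) {
      // Attribute names are case-insensitive, so compare in lower case.
      if (a.getBaseName().toLowerCase(Locale.ROOT).startsWith(wanted)) {
        matches.add(a);
      }
    }
    return matches;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample data; schema checking is off so the made-up
    // attribute names are accepted by the in-memory server.
    InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
    cfg.setSchema(null);
    InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
    ds.add("dn: dc=example,dc=com", "objectClass: domain", "dc: example");
    ds.add("dn: uid=aaa,dc=example,dc=com", "objectClass: account", "uid: aaa",
        "alpha: one", "Avalue: two", "beta: three");
    ds.startListening();
    try (LDAPConnection conn = ds.getConnection()) {
      // "@objectClass" requests (RFC 4529) are usable only if this OID is advertised.
      RootDSE rootDSE = conn.getRootDSE();
      System.out.println("RFC 4529 supported: " + (rootDSE != null
          && rootDSE.supportsFeature("1.3.6.1.4.1.4203.1.5.2")));
      for (Attribute a : attributesWithPrefix(conn, "dc=example,dc=com",
          Filter.createEqualityFilter("uid", "aaa"), "a")) {
        System.out.println(a.getName() + ": " + String.join(", ", a.getValues()));
      }
    } finally {
      ds.shutDown(true);
    }
  }
}
```

The server still sends every user attribute the bound identity is allowed to read, so the prefix check only narrows what the client processes; what is disclosed is decided by the server's access controls.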