Re: Using DN to search

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Craig Robinson <cra...@en...> wrote:
> Experts,
> 
> Maybe a simple question, but I have no idea how to do it!
> 
> Normally, when I do searches I specify a filter to seach for [eg.
> $filter=(uid=*);] and some attributes [eg. @attrs=qw(mail);].  However, I
> cannot use the DN as a filter [eg. $filter=(dn=cn=Craig Robinson);].

Since the DN isn't an attribute of the entry (according to the standards),
you can't search for it like that. What you *might* be able to do
(depending on your server) is to do an extensible match. See this excerpt
from RFC 2254:

-----
The following examples illustrate the use of extensible matching.

   (cn:1.2.3.4.5:=Fred Flintstone)
   (sn:dn:2.4.6.8.10:=Barney Rubble)
   (o:dn:=Ace Industry)
   (:dn:2.4.6.8.10:=Dino)

The second example illustrates the use of the ":dn" notation to indicate
that matching rule "2.4.6.8.10" should be used when making comparisons, and
that the attributes of an entry's distinguished name should be considered
part of the entry when evaluating the match.

The third example denotes an equality match, except that DN components
should be considered part of the entry when doing the match.

The fourth example is a filter that should be applied to any attribute
supporting the matching rule given (since the attr has been left off).
Attributes supporting the matching rule contained in the DN should also be
considered.
-----

Given your next question, I'm unsure if this is what you really want to
do...

> If you know the DN, does anyone know how to return a single (or a number
> of) attributes for that DN only? 

What you want is a 'read' operation. Unfortunately LDAP doesn't have a read
operation, so you have to simulate it with a search.

Do a base object search with the base set to that DN, and list the
attributes you want in attrs. Use a filter that "must" succeed on the
entry, like (objectclass=*), ie check for presence of objectclass:

	$ldap->search(base => "cn=That Entry,o=My Company,c=WW",
	              scope => "base",
	              filter => "(objectclass=*)",
	              attrs => [qw(cn sn mail)]);

Cheers,

Chris