From: Vanole, M. <mik...@at...> - 2002-08-13 15:53:58
Correction below on the range filter. I was actually trying this:

my $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated =< 20020812235959.0Z))"
or
my $filter = "(&(whenCreated >= 200208120000000Z) (whenCreated =< 200208122359590Z))"

and even this:
my $filter = "(&(whencreated >= 20020812000000.0Z))";
or
my $filter = "(&(whencreated >= 200208120000000Z))";

> -----Original Message-----
> From: Vanole, Mike
> Sent: Tuesday, August 13, 2002 10:39 AM
> To: 'per...@li...'
> Subject: Net::LDAP Filter question
>
> Hi,
>
> I'm trying to limit the return results with a tight filter. When I try to
> use the "*" in the following where I limit the search at
> "(whencreated=20020812*.0Z*) I get an error:
>
> my $filter = "(&(samaccountname=${_}*) (samaccounttype=805556789)
> (!(objectcategory=group)) (whencreated=20020812*.0Z*))";
> 00000057: LdapErr: DSID-0C090534, comment: Error processing filter, data
> 0, v893 at get4 line 62.
>
> The search only works when I enter the full timestamp.
>
> These work fine:
> my $filter = "(&(samaccountname=${_}*) (samaccounttype=805556789)
> (!(objectcategory=group)))";
> my $filter = "(&(samaccountname=${_}*) (samaccounttype=805556789)
> (!(objectcategory=group)) (whencreated=20020812230501.0Z))";
> my $filter = "(whencreated=20020812230501.0Z)";
>
> I tried the following from another post but it did not work, probably
> because we have the ".0Z" at the end of the timestamp:
> my $filter = "(&(whenCreated >= 20020812000000.0Z)
> (whenCreated=20020812235959.0Z))"
> or
> my $filter = "(&(whenCreated >= 200208120000000Z)
> (whenCreated=200208122359590Z))"
>
> This is what an entry looks like:
> whenChanged: 20020617191927.0Z
> whenCreated: 20000930082047.0Z
>
> Thanks in advance for any suggestions,
> Mike
From: Vanole, M. <mik...@at...> - 2002-08-13 18:08:42
Thanks for the path to go down.

My ldap admin says the fields are not text so wildcards won't work. He suggested trying this without the equals symbol, but it also failed (a bit differently):
$filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated < 20020812235959.0Z))";

Bad filter at get_ldap.pl line 63.

This also fails with "Bad filter":
my $filter = "(whencreated > 20020812000000.0Z)";

I can do this but I still don't achieve my objective of getting under the server imposed sizelimit:

$whenCreated = $entry->get_value( whenCreated, asref => 0 );

if ($whenCreated =~ /^20020812/) {
..do something perlish...

Working with Net::LDAP and seeking advice from my ColdFusion counterparts I am finding they are only a little helpful because the differences in options available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are many. For instance I am bumping into a server imposed sizelimit with Net::LDAP that the NT guys don't have. And apparently they don't have the filter issues I'm having. Is there a *differences* document that anyone can point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.

-----Original Message-----
From: Chris Ridd [mailto:chr...@me...]
Sent: Tuesday, August 13, 2002 11:30 AM
To: Vanole, Mike; Vanole, Mike; 'per...@li...'
Subject: Re: Net::LDAP Filter question

On 13/8/02 4:53 pm, Vanole, Mike <mik...@at...> wrote:

> Correction below on the range filter. I was actually trying this:
>
> my $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated =<
> 20020812235959.0Z))"
> or
> my $filter = "(&(whenCreated >= 200208120000000Z) (whenCreated =<
> 200208122359590Z))"
>
> and even this:
> my $filter = "(&(whencreated >= 20020812000000.0Z))";
> or
> my $filter = "(&(whencreated >= 200208120000000Z))";

Does your server support ordering (ie >= and <=) matching rules on the whencreated attribute? You may need to download the schema to discover this.

If so, do you need any additional indexes on the server?

Cheers,

Chris
From: Chris R. <chr...@me...> - 2002-08-14 07:39:03
On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:

> Thanks for the path to go down.
>
> My ldap admin says the fields are not text so wildcards won't work. He

Correct. The syntax of your attributes seems to be GeneralizedTime; attributes using this syntax typically only allow equality match (=) and ordering matches (>= and <=). No substring matching rules are usually defined (though you could check your server) and hence no "wildcards" are allowed in searches.

> suggested trying this without the equals symbol, but it also failed (a bit
> differently):
> $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> 20020812235959.0Z))";
>
> Bad filter at get_ldap.pl line 63.
>
> This also fails with "Bad filter":
> my $filter = "(whencreated > 20020812000000.0Z)";

Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.

> I can do this but I still don't achieve my objective of getting under the
> server imposed sizelimit:
>
> $whenCreated = $entry->get_value( whenCreated, asref => 0 );
>
> if ($whenCreated =~ /^20020812/) {
> ..do something perlish...
>
> Working with Net::LDAP and seeking advice from my ColdFusion counterparts I
> am finding they are only a little helpful because the differences in options
> available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> many. For instance I am bumping into a server imposed sizelimit with
> Net::LDAP that the NT guys don't have. And apparently they don't have the
> filter issues I'm having. Is there a *differences* document that anyone can
> point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.

There's no reason you couldn't use the same sort of filter that they're using. Do the server logs contain their search filters? If not, consider snooping the LDAP network traffic between ColdFusion and the directory. Programs like Ethereal <http://www.ethereal.com/> will do this and decode lots of protocols (including LDAP :-) automatically.

Cheers,

Chris
From: Vanole, M. <mik...@at...> - 2002-08-14 23:24:13
Thank you for your input Chris.

I did look at the RFC first but it couldn't help me with this. The problem was so simple I can't believe there was even a problem.

This filter fails:
$filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <= 20020812235959.0Z))";

and this filter succeeds:
$filter = "(&(whenCreated>=20020812000000.0Z) (whenCreated<=20020812235959.0Z))";

The only difference is the space character before and after the ordering matches. I don't know if this is by design or specific to my environment, but if it is a requirement maybe the next release of Net::LDAP could strip this stuff out where required.

Thanks again!

-----Original Message-----
From: Chris Ridd [mailto:chr...@me...]
Sent: Wednesday, August 14, 2002 02:38
To: Vanole, Mike; 'per...@li...'
Subject: Re: Net::LDAP Filter question

On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:

> Thanks for the path to go down.
>
> My ldap admin says the fields are not text so wildcards won't work. He

Correct. The syntax of your attributes seems to be GeneralizedTime; attributes using this syntax typically only allow equality match (=) and ordering matches (>= and <=). No substring matching rules are usually defined (though you could check your server) and hence no "wildcards" are allowed in searches.

> suggested trying this without the equals symbol, but it also failed (a bit
> differently):
> $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> 20020812235959.0Z))";
>
> Bad filter at get_ldap.pl line 63.
>
> This also fails with "Bad filter":
> my $filter = "(whencreated > 20020812000000.0Z)";

Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.

> I can do this but I still don't achieve my objective of getting under the
> server imposed sizelimit:
>
> $whenCreated = $entry->get_value( whenCreated, asref => 0 );
>
> if ($whenCreated =~ /^20020812/) {
> ..do something perlish...
>
> Working with Net::LDAP and seeking advice from my ColdFusion counterparts I
> am finding they are only a little helpful because the differences in options
> available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> many. For instance I am bumping into a server imposed sizelimit with
> Net::LDAP that the NT guys don't have. And apparently they don't have the
> filter issues I'm having. Is there a *differences* document that anyone can
> point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.

There's no reason you couldn't use the same sort of filter that they're using. Do the server logs contain their search filters? If not, consider snooping the LDAP network traffic between ColdFusion and the directory. Programs like Ethereal <http://www.ethereal.com/> will do this and decode lots of protocols (including LDAP :-) automatically.

Cheers,

Chris
From: Graham B. <gb...@po...> - 2002-08-14 23:33:29
What versions of Net::LDAP and Net::LDAP::Filter do you have ?

Whitespace should not matter

Graham.

On Wed, Aug 14, 2002 at 06:23:55PM -0500, Vanole, Mike wrote:
> Thank you for your input Chris.
>
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem.
>
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
>
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
>
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.
>
> Thanks again!
>
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Wednesday, August 14, 2002 02:38
> To: Vanole, Mike; 'per...@li...'
> Subject: Re: Net::LDAP Filter question
>
>
> On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:
>
> > Thanks for the path to go down.
> >
> > My ldap admin says the fields are not text so wildcards won't work. He
>
> Correct. The syntax of your attributes seems to be GeneralizedTime;
> attributes using this syntax typically only allow equality match (=) and
> ordering matches (>= and <=). No substring matching rules are usually
> defined (though you could check your server) and hence no "wildcards" are
> allowed in searches.
>
> > suggested trying this without the equals symbol, but it also failed (a bit
> > differently):
> > $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> > 20020812235959.0Z))";
> >
> > Bad filter at get_ldap.pl line 63.
> >
> > This also fails with "Bad filter":
> > my $filter = "(whencreated > 20020812000000.0Z)";
>
> Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.
>
> > I can do this but I still don't achieve my objective of getting under the
> > server imposed sizelimit:
> >
> > $whenCreated = $entry->get_value( whenCreated, asref => 0 );
> >
> > if ($whenCreated =~ /^20020812/) {
> > ..do something perlish...
> >
> > Working with Net::LDAP and seeking advice from my ColdFusion counterparts
> I
> > am finding they are only a little helpful because the differences in
> options
> > available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> > many. For instance I am bumping into a server imposed sizelimit with
> > Net::LDAP that the NT guys don't have. And apparently they don't have the
> > filter issues I'm having. Is there a *differences* document that anyone
> can
> > point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.
>
> There's no reason you couldn't use the same sort of filter that they're
> using. Do the server logs contain their search filters? If not, consider
> snooping the LDAP network traffic between ColdFusion and the directory.
> Programs like Ethereal <http://www.ethereal.com/> will do this and decode
> lots of protocols (including LDAP :-) automatically.
>
> Cheers,
>
> Chris
From: Vanole, M. <mik...@at...> - 2002-08-15 02:15:01
Net::LDAP is 0.251
Net::LDAP::Filter is 0.12
Built with perl -MCPAN -e 'install Net::LDAP'

-----Original Message-----
From: Graham Barr [mailto:gb...@po...]
Sent: Wednesday, August 14, 2002 6:29 PM
To: Vanole, Mike
Cc: 'Chris Ridd'; 'per...@li...'
Subject: Re: Net::LDAP Filter question

What versions of Net::LDAP and Net::LDAP::Filter do you have ?

Whitespace should not matter

Graham.

On Wed, Aug 14, 2002 at 06:23:55PM -0500, Vanole, Mike wrote:
> Thank you for your input Chris.
>
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem.
>
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
>
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
>
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.
>
> Thanks again!
>
> -----Original Message-----
> From: Chris Ridd [mailto:chr...@me...]
> Sent: Wednesday, August 14, 2002 02:38
> To: Vanole, Mike; 'per...@li...'
> Subject: Re: Net::LDAP Filter question
>
>
> On 13/8/02 7:08 pm, Vanole, Mike <mik...@at...> wrote:
>
> > Thanks for the path to go down.
> >
> > My ldap admin says the fields are not text so wildcards won't work. He
>
> Correct. The syntax of your attributes seems to be GeneralizedTime;
> attributes using this syntax typically only allow equality match (=) and
> ordering matches (>= and <=). No substring matching rules are usually
> defined (though you could check your server) and hence no "wildcards" are
> allowed in searches.
>
> > suggested trying this without the equals symbol, but it also failed (a bit
> > differently):
> > $filter = "(&(whenCreated > 20020812000000.0Z) (whenCreated <
> > 20020812235959.0Z))";
> >
> > Bad filter at get_ldap.pl line 63.
> >
> > This also fails with "Bad filter":
> > my $filter = "(whencreated > 20020812000000.0Z)";
>
> Also correct; LDAP filters support <= and >=, not < and >. See RFC 2254.
>
> > I can do this but I still don't achieve my objective of getting under the
> > server imposed sizelimit:
> >
> > $whenCreated = $entry->get_value( whenCreated, asref => 0 );
> >
> > if ($whenCreated =~ /^20020812/) {
> > ..do something perlish...
> >
> > Working with Net::LDAP and seeking advice from my ColdFusion counterparts
> I
> > am finding they are only a little helpful because the differences in
> options
> > available between ADO, VB, and ColdFusion (basically NT) and Net::LDAP are
> > many. For instance I am bumping into a server imposed sizelimit with
> > Net::LDAP that the NT guys don't have. And apparently they don't have the
> > filter issues I'm having. Is there a *differences* document that anyone
> can
> > point me to? I'm die-hard-perl-on-UNIX so moving to NT is not an option.
>
> There's no reason you couldn't use the same sort of filter that they're
> using. Do the server logs contain their search filters? If not, consider
> snooping the LDAP network traffic between ColdFusion and the directory.
> Programs like Ethereal <http://www.ethereal.com/> will do this and decode
> lots of protocols (including LDAP :-) automatically.
>
> Cheers,
>
> Chris
From: Chris R. <chr...@me...> - 2002-08-15 08:00:13
"Vanole, Mike" <mik...@at...> wrote:
> Thank you for your input Chris.
>
> I did look at the RFC first but it couldn't help me with this. The problem
> was so simple I can't believe there was even a problem.
>
> This filter fails:
> $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <=
> 20020812235959.0Z))";
>
> and this filter succeeds:
> $filter = "(&(whenCreated>=20020812000000.0Z)
> (whenCreated<=20020812235959.0Z))";
>
> The only difference is the space character before and after the ordering
> matches. I don't know if this is by design or specific to my environment,
> but if it is a requirement maybe the next release of Net::LDAP could strip
> this stuff out where required.

Ah, I hadn't noticed the whitespace before. The grammar in RFC 2254 doesn't appear to permit additional whitespace in the expression, so you should probably try to avoid adding it where you don't need it.

Possibly the whitespace in front of the values you're testing (" 20020812000000.0Z") is being considered as part of the value to be compared against, which is also causing problems.

Anyway, I suspect removing unnecessary whitespace from your filter string will solve at least some of your problems.

Cheers,

Chris
From: Graham B. <gb...@po...> - 2002-08-15 18:17:50
On Thu, Aug 15, 2002 at 09:02:54AM +0100, Chris Ridd wrote:
> Ah, I hadn't noticed the whitespace before. The grammar in RFC 2254 doesn't
> appear to permit additional whitespace in the expression, so you should
> probably try to avoid adding it where you don't need it.

Yeah, I realized that after I posted. I also wrote this test

#!perl -l

use Net::LDAP::Filter;

$filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated <= 20020812235959.0Z))";

print Net::LDAP::Filter->new($filter)->as_string;

$filter = "(&(whenCreated>=20020812000000.0Z) (whenCreated<=20020812235959.0Z))";

print Net::LDAP::Filter->new($filter)->as_string;

__END__
(&(whenCreated>= 20020812000000.0Z)(whenCreated<= 20020812235959.0Z))
(&(whenCreated>=20020812000000.0Z)(whenCreated<=20020812235959.0Z))

As you can see it ignores whitespace before the operator, but not after.

Re-reading the RFC I don't really want to change it. If there are other libraries that ignore whitespace after the operator, I would say they are broken.

Graham.
From: Chris R. <chr...@me...> - 2002-08-16 08:32:03
On 15/8/02 7:13 pm, Graham Barr <gb...@po...> wrote:

> As you can see it ignores whitespace before the operator, but not after.

That's reasonable behaviour. If you wanted to match a value that started with a space, and the server's matching rules supported that, then removing the whitespace after the operator would be bad.

> Re-reading the RFC I don't really want to change it. If there are other
> libraries that
> ignore whitespace after the operator, I would say they are broken.

Agreed.

Cheers,

Chris
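
The pitfalls worked out in this thread (wildcards on a GeneralizedTime attribute, the operators <, > and =<, and whitespace around the operator), as an added example that is not part of any poster's message or of Net::LDAP. It uses core Perl only; the function names and the attribute list are this example's own assumptions, and the sample strings are copied from the posts above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Attributes assumed to use GeneralizedTime syntax (from the entry shown in the thread).
my %TIME_ATTR = map { lc($_) => 1 } qw(whenCreated whenChanged);

# Return a list of problems found in the simple items of an LDAP filter string.
sub lint_filter {
    my ($filter) = @_;
    my @problems;
    # Visit each innermost "(attr op value)" item; the &, | and ! wrappers are skipped.
    while ($filter =~ /\(([^()&|!][^()]*)\)/g) {
        my $item = $1;
        unless ($item =~ /^([A-Za-z][\w.;-]*)(\s*)(=<|=>|>=|<=|~=|=|<|>)(\s*)(.*)$/s) {
            push @problems, "($item): cannot parse item";
            next;
        }
        my ($attr, $ws1, $op, $ws2, $value) = ($1, $2, $3, $4, $5);
        push @problems, "($item): '$op' is not a filter operator, use >= or <="
            if $op =~ /^(?:<|>|=<|=>)$/;
        push @problems, "($item): whitespace before the operator is not in the RFC 2254 grammar"
            if length $ws1;
        push @problems, "($item): whitespace after the operator becomes part of the value"
            if length $ws2;
        push @problems, "($item): wildcard on a GeneralizedTime attribute"
            if $TIME_ATTR{lc $attr} && $op eq '=' && $value =~ /\*/;
    }
    return @problems;
}

# Build a whole-day range from a YYYYMMDD date using only >= and <= and no
# whitespace. The ".0Z" suffix follows the timestamps shown in the thread.
sub day_range_filter {
    my ($attr, $ymd) = @_;
    die "bad attribute name\n"    unless $attr =~ /^[A-Za-z][A-Za-z0-9-]*$/;
    die "date must be YYYYMMDD\n" unless $ymd  =~ /^\d{8}$/;
    return sprintf '(&(%s>=%s000000.0Z)(%s<=%s235959.0Z))', $attr, $ymd, $attr, $ymd;
}

# Filters quoted in the thread, followed by one built with the helper above.
my @samples = (
    '(whencreated=20020812*.0Z*)',
    '(&(whenCreated >= 20020812000000.0Z) (whenCreated =< 20020812235959.0Z))',
    '(whencreated > 20020812000000.0Z)',
    '(&(whenCreated >= 20020812000000.0Z) (whenCreated <= 20020812235959.0Z))',
    day_range_filter('whenCreated', '20020812'),
);

for my $f (@samples) {
    my @p = lint_filter($f);
    print "$f\n";
    print "  - $_\n" for @p;
    print "  ok\n" unless @p;
}
```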
From: Chris R. <chr...@me...> - 2002-08-13 16:31:28
On 13/8/02 4:53 pm, Vanole, Mike <mik...@at...> wrote:

> Correction below on the range filter. I was actually trying this:
>
> my $filter = "(&(whenCreated >= 20020812000000.0Z) (whenCreated =<
> 20020812235959.0Z))"
> or
> my $filter = "(&(whenCreated >= 200208120000000Z) (whenCreated =<
> 200208122359590Z))"
>
> and even this:
> my $filter = "(&(whencreated >= 20020812000000.0Z))";
> or
> my $filter = "(&(whencreated >= 200208120000000Z))";

Does your server support ordering (ie >= and <=) matching rules on the whencreated attribute? You may need to download the schema to discover this.

If so, do you need any additional indexes on the server?

Cheers,

Chris