开发者

PHP LDAP Search seems not to be matching *

Using LDAP Search and a * seems to work fine with words, but with a number it doesn't seem to work:

Debug output from my class (homebrew):

Query: Peter is string
Search for cn=Peter
Search for cn=Peter*
Found: 439

Query: 7565 is number
Search for PersonID=7565
Search for PersonID=7565*
Found: 0

Query: 7565025 is number
Search for 
Found: 1

Kind of hard to show the code as it is a collection of classes but the part performing the search is using the string after the for:

E.开发者_开发技巧g (this is fabricated)

ldap_search($connection, $base, "cn=Peter*", array("dn"));
ldap_search($connection, $base, "PersonID=7565", array("dn"));
ldap_search($connection, $base, "PersonID=7565025", array("dn"));

Do you know why the second query on 7565* returns no results but the last on the full number does return results?

Thanks,


You probably know that on your LDAP Directory, you've got a SCHEMA. SCHEMA is usaly known to provide classes (types) and attributes. But in fact in most Directories the SCHEMA provides two other features for the attributes that are :

  1. The syntax of the attribute generaly given by an OID
  2. Matching rules that are effectively used to match the attribute

Example :

attributeType ( 2.5.4.41 NAME 'name'
                DESC 'name(s) associated with the object'
                EQUALITY caseIgnoreMatch
                SUBSTR caseIgnoreSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

In the example the matching rules are EQUALITY and SUBSTR that are most of the time linked to the Directory String syntax (1.3.6.1.4.1.1466.115.121.1.15).

You can encounter the following matching rules :

EQUALITY
ORDERING
SUBSTR

The matching rule SUBSTR is the one generaly used when you write (cn=Peter*) filter

So my advice is : have a look on your attribute "PersonID" in your SCHEMA and the "syntax/matching rules" will give you the type of filter you can apply

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜