
LDAP multiple or syntax

I'm hoping this is an easy question for any LDAP experts out there.

I'm using Java, SearchDirContexts and a string builder to put together a query that looks like: (|(givenName=smith*)(sn=smith*)(middleName=smith*)(mail=smith*)(telephoneNumber=smith*)(buildingName=smith*)(department=smith*)(major=smith*)(minor=smith*)). The idea being to allow a user to search with a single string and get results matching any of those attributes.

The query completes successfully but with inaccurate results. For example if I search for myself (I know my record exists)...

  • by last name I get no results
  • by first name (which there should be hundreds of results for) I get a small subset (9) which does not include my entry.

I would like to first eliminate any possibility for issues with my query. If you would like more information/code snippets of the execution of the code, let me know and I can provide it.

Also please keep in mind I am a strong advocate of doing things correctly and am willing to modify any part of my code to make things more efficient.

------------------- (EDIT) So the syntax is correct.... (EDIT)--------------------

Here is some code around my query; maybe this can determine if my results are getting cut off.

      try {
          context = ldapPooler.getContext(); // Returns a custom SearchDirContext object wrapping a javax.naming.DirContext.
          SearchControls controls = new SearchControls();
          controls.setCountLimit(maxResultCount);

          Integer resultCount = 0;

          // The try block is from an example found at
          // http://www.java2s.com/Code/Java/JNDI-LDAP/howtoperformasearchandlimitthenumberofresultsreturned.htm
          // The goal was to limit the results.

          try {

            logger.debug("Finished w/the search string: " + ldapSearchString);

            @SuppressWarnings("unchecked")
            NamingEnumeration<SearchResult> result = context.search("ou=People", ldapSearchString, controls);
            // SearchDirContext.search simply calls DirContext.search with the passed attributes.

            while (result.hasMore()) {
                searchResults.add(result.next());
                resultCount++;
            }
            logger.debug("Found results: " + resultCount);

          } catch (LimitExceededException lee) {

            logger.debug("Caught LimitExceededException w/resultCount: " + resultCount);

            if (resultCount == maxResultCount) {
                logger.debug("Found " + resultCount + " results.");
            } else {
                logger.debug("In the else....not throwing an exception. Found " + resultCount + " results.");
            }

          } finally {
            context.close();
          }
      } catch (NamingException ne) {
        logger.error("Caught a NamingException while gettingContactCardsBySearchString(" + searchString + ")");
        throw new LdapLookupFailedException(ne);
      } catch (Exception e) {
        logger.error("Caught Exception while gettingContactCardsBySearchString(" + searchString + ")");
        throw new LdapLookupFailedException(e);
      }


Your filter syntax is correct as per RFC 4515. I suggest you don't put the test values in the search string. Use the {0}, {1} notation and supply the values as arguments to search(). You may be running up against paginated search results when you get fewer than expected. I would test your filters with an independent LDAP client such as JXplorer.


Turns out this was a permissions issue. The account created did not have access to the attributes I was searching. I would be interested to know what the expected result of a query on attributes the authenticated user doesn't have access to is; if anyone out there wants to post that, it would be great. Otherwise I guess I learned a little about LDAP through this whole deal. Thanks for taking the time to try and help!
