directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject Re: Unrequested attributes returned on ldap search
Date Tue, 28 Aug 2007 18:20:28 GMT
Damn, I'm wrong !!! :

4.5.1.8.  SearchRequest.attributes

   A selection list of the attributes to be returned from each entry
   that matches the search filter.  Attributes that are subtypes of
   listed attributes are implicitly included.  LDAPString values of this
   field are constrained to the following Augmented Backus-Naur Form
   (ABNF) [RFC4234]:

      attributeSelector = attributedescription / selectorspecial

      selectorspecial = noattrs / alluserattrs

      noattrs = %x31.2E.31 ; "1.1"

      alluserattrs = %x2A ; asterisk ("*")

Notes that the attributeSelector is exclusive, but this applies to a
single attribute, not to the list. This makes sense to mix * and
attributes, if you want to get some operationnal attributes, for
instance.

Sorry for the false alarm.

E.


On 8/28/07, Stefan Zoerner <stefan@labeo.de> wrote:
> Emmanuel Lecharny wrote:
> > Well, I think I get it fixed now, and as the fix also fixes a real bug
> > we have (can you confirm that if you do a ldapsearch with cn and *,
> > you get all the attrs instead of just the cn, as expected wrt the RFC
> > ?)
> >
> > Thanks !
>
> Performed against a ApacheDS 1.03 SNAPSHOT, I get this
>
> $ ldapsearch -h localhost -p 10389 -b "dc=example,dc=com" -D
> "uid=admin,ou=system" -w secret "(cn=Tori*)" cn *
> version: 1
> dn: cn=Tori Amos,dc=example,dc=com
> sn: Amos
> userpassword: geheim
> cn: Tori Amos
> objectClass: person
> objectClass: top
>
> I use the native ldapsearch here, which is assumed to work correctly.
>
> As you have described, I get all user attributes. I am surprised that
> this is wrong. Only cn is expected?
>
> Greetings,
>      Stefan
>
>


-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message