Professional Documents
Culture Documents
[IT09077744] [IT09061354]
e. Presence Filter: this matches any entry that has at least one value and return to the client. Ex: (emailAddresses=*)this example return whatever the value it contains, even at least one value also it is returned.
f.
Extensible Matching: This type of search filter is only supported by the LDAPv3. This also used to compare the values in other languages. Following syntax explain the extensible matching, extensible = attr *:dn+ *: matchingrule] := value attr indicates the attribute to match on, :dn indicates that the matching rule must in the comparison match. If this specified in the search operation, the match is applied to all the attributes in an entrys distinguished name. := indicates that without a matching rule results in an equality match, and value indicates comparison value. Ex: (sn:dn:2.4.6.9:=Althaf Nafees)
g. Negation: This search operation will search all the matching entries except what we have specified to search. Here ! exclamation mark will do the job. Ex: (!sn=Altafnfs) will search all the entries which does not contain the sn value Altafnfs.
h. Combining filter terms: This search operation use AND operation as well as OR operation. These two operations doing the same thing here as they actually do in the logic operation. Ex: (&(sn=Althafnfs) (objectClass=person)) will search entries with an object class person and sn value exactly equal to Althafnfs.
Authentication is another important thing. Authenticating as a user is a preferable way to get more access to the directory, because without binding a client can be access to the limited data. A client can do a simple authentication by typing D bind DN and w bind password options. Ex: Modify the first 2 lines as below, ldapsearch -h localhost -D "uid=bjensen,ou=people,dc=example,dc=com" -w hifalutin -s sub -b "dc=example,dc=com" "(cn=Barbara Jensen)" By default, the server returns all the attributes of an entry that we request. But if we need to get only some attributes then we append the attributes to end of the ldapsearch command line. Ex: 1. ldapsearch -h localhost -s sub -b "dc=example,dc=com" 2. "(cn=Barbara Jensen)" mail roomNumber 3. version: 1 4. dn: uid=bjensen, ou=People, dc=example,dc=com 5. mail: bjensen@example.com 6. roomNumber: 0209 Above line number 2 , we append the mail attribute and rootNumber attribute. Then we can only retrieve the desired attributes. Another thing to consider is using SSL to search the directory. If we need to encrypt data between ldapsearch and the server we need to use the -Z and P options. Z use to enable SSL and P use to getting the path to the certificate database. Here we use another option which is W option. This is use to specify the password for the SSL key database. Ex: ldapsearch -h localhost -Z -P /home/bjensen/.netscape/cert7.db -W "mycertdbpassword" N "My Certificate" -s sub -b "dc=example,dc=com" "(cn=Barbara Jensen)"