Writing LDAP query filter

Question

I have trouble writing a filter for LDAP query.

I have two object classes - Person and Service. Database consists of a number of Persons, each having zero or more services as children. Each person has an identifier, personNumber attribute. I want to select several persons and all their services given person numbers. Is it possible to do so in one query?

For example, if we have the following set of objects:

                personNumber=1,ou=root,o=org
serviceNumber=1,personNumber=1,ou=root,o=org
serviceNumber=2,personNumber=1,ou=root,o=org
                personNumber=2,ou=root,o=org
serviceNumber=3,personNumber=2,ou=root,o=org
                personNumber=3,ou=root,o=org
serviceNumber=4,personNumber=3,ou=root,o=org

, is it possible, given person numbers 1 and 2, to retrieve these objects:

                personNumber=1,ou=root,o=org
serviceNumber=1,personNumber=1,ou=root,o=org
serviceNumber=2,personNumber=1,ou=root,o=org
                personNumber=2,ou=root,o=org
serviceNumber=3,personNumber=2,ou=root,o=org

but not these:

                personNumber=3,ou=root,o=org
serviceNumber=4,personNumber=3,ou=root,o=org

, using one query only? It is an example; it is possible to have more than two identifiers to load. They are not known a priori.

Also, is there a way to specify that attribute value should be in some collection of values, like IN (..) clause in SQL, other than generating big (|(a=..)(a=..)(a=..)..) filter?

rene · Accepted Answer

If person doesn't have a multivalued attribute holding the service there is no way this can be returned in one ldapsearch. You'll need at least a two stage rocket: first select person, for each person check on childnodes.

AFAIK there is no IN operator in LDAP filters. The RFC is clear about that. So you're stuck with your tedious (|(a=s1)(a=s2)(a=s3)...) construct.

Writing LDAP query filter

Answers (2)

Related Questions