Shailen

Reputation: 8347

LDAP Search wildcard not working

I am trying to search my LDAP directory and I am unable to search with substring filters when the value is a set of attributes and values.

Scenario: In my Python script, I am able to search the LDAP server. Therefore, I will omit code regarding the connection, DN configuration, amongst others, and focus on the filter.

Filter1: (works)

'(&(objectClass=person)(managedObjects=CN=SKSOBHEE-MOBL,OU=Mobile,OU=Production,OU=Windows 7,OU=IT Client,OU=Resources,DC=emea,DC=xx,DC=yy,DC=com)(objectClass=organizationalPerson)(objectClass=user))'

Filter2: (fails)

'(&(objectClass=person)(managedObjects=CN=SKSOBHEE-MOBL*)(objectClass=organizationalPerson)(objectClass=user))'

Searching with Filter1 returns a user but fails with Filter2 when I use the substring.

Searching is done using:

l.search_s(BASE_DN, SCOPE, Filter1, Attrs)

I would appreciate some help on this!

Thank you.

Upvotes: 1

Views: 3855

Answers (1)

Terry Gardner

Reputation: 11134

Instead of "wildcard", use "substring" when asking about these types of filters.

When a substring filter is used, a substring matching rule must be defined for the attribute used in the filter. For equality filters, there must be an equality match; for substring filters, a substring match, etc.

Here is an example of an attribute definition of name with an equality and a substring rule:

attributeTypes: ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
  X-ORIGIN 'RFC 4519' )

If a matching rule is not included for the type of filter, the search won't work as you might think.

see also

Upvotes: 0
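
An added example, not part of the original answer or of any directory server's code: a standard-library Python check that parses attributeTypes definitions and reports which terms of a filter lack the matching rule the answer describes. The managedObjects definition and its OID are constructed for illustration, the function names are hypothetical, and the SUP inheritance lookup goes beyond the single definition quoted in the answer.

```python
import re

# 'name' is the definition quoted in the answer; 'cn' and 'objectClass' follow
# RFC 4519/4512; 'managedObjects' is constructed, with a placeholder OID.
SCHEMA = [
    "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch "
    "SUBSTR caseIgnoreSubstringsMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-ORIGIN 'RFC 4519' )",
    "( 2.5.4.3 NAME 'cn' SUP name )",
    "( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
    "( 1.3.6.1.4.1.99999.1 NAME 'managedObjects' "
    "EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )",
]
ITEM = re.compile(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)")  # simple (attr=value) terms

def parse_attribute_type(definition):
    """Pull names, SUP and matching rules out of one attributeTypes value."""
    text = re.sub(r"\bDESC\s+'[^']*'", "", definition)  # DESC text may hold keywords
    clause = re.search(r"\bNAME\s+('[^']+'|\([^)]*\))", text)
    names = re.findall(r"'([^']+)'", clause.group(1) if clause else "")
    entry = {"names": [n.lower() for n in names]}
    for kind in ("SUP", "EQUALITY", "SUBSTR"):
        found = re.search(r"\b" + kind + r"\s+([\w.;-]+)", text)
        entry[kind] = found.group(1) if found else None
    return entry

def build_index(definitions):
    entries = [parse_attribute_type(d) for d in definitions]
    return {name: entry for entry in entries for name in entry["names"]}

def matching_rule(index, attr, kind):
    """Find the rule on the attribute or, failing that, on its SUP chain."""
    entry, seen = index.get(attr.lower()), set()
    while entry and id(entry) not in seen:
        if entry[kind]:
            return entry[kind]
        seen.add(id(entry))
        entry = index.get((entry["SUP"] or "").lower())
    return None

def unsupported_terms(index, ldap_filter):
    """Return (attribute, missing rule kind) for terms the schema cannot match."""
    problems = []
    for attr, value in ITEM.findall(ldap_filter):
        kind = "SUBSTR" if "*" in value else "EQUALITY"
        if value != "*" and matching_rule(index, attr, kind) is None:  # (attr=*) is presence
            problems.append((attr, kind))
    return problems
```

In practice the definitions would come from the attributeTypes values of the server's subschema entry rather than an inline list.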
