Reputation: 141
I have an OpenLDAP installation and I need to find an entry, from my custom schema extension, based on a DN value.
To be more specific, I have an attribute (certSubjectDN) added to one of my custom classes that contains a DN which is used for certificate-based authentication on a web server using smart cards (PKI auth). From what I understand, a filtered search with substring matching against Active Directory, e.g. (certSubjectDN=CN=lastname.firstname*), will match any entry where the value of certSubjectDN begins with 'CN=lastname.firstname'. This does not work with OpenLDAP.
I have attempted to add a matching rule to the attribute, SUBSTR caseIgnoreSubstringsMatch, but OpenLDAP refuses to accept that change, presumably because it is strictly following the LDAP specifications.
Can someone think of a way that I can perform such a substring match against an attribute of the DN type within OpenLDAP? Or should I just change that attribute to be a Directory String?
Thanks, Chris
Upvotes: 1
Views: 1065
Reputation: 900
I am not an OpenLDAP expert, but I think you are on the right path. The DN syntax does not allow substring matching. The string syntax does.
If this fails, I would try to define a custom attribute with string syntax and the appropriate substring matching rule.
I hope this helps.
Upvotes: 1
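As an added worked example (not part of the question or the answer above), the schema change the answer suggests, written as a cn=config LDIF for slapd. The rejected DN-syntax variant is kept as a comment for comparison. The OIDs under 1.3.6.1.4.1.99999, the schema entry name certsubject and the auxiliary class pkiUser are placeholders chosen for this example; substitute an OID arc you own.

```ldif
# Added example, not from the original question or answer.
# OIDs under 1.3.6.1.4.1.99999 are placeholders: use an arc you own.
#
# Variant 1: DN syntax (1.3.6.1.4.1.1466.115.121.1.12). slapd rejects
# this definition because the DN syntax defines no substring matching
# rule, so a SUBSTR clause is not allowed:
#
#   ( 1.3.6.1.4.1.99999.1.1 NAME 'certSubjectDN'
#     EQUALITY distinguishedNameMatch
#     SUBSTR caseIgnoreSubstringsMatch
#     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
#
# Variant 2: Directory String syntax (1.3.6.1.4.1.1466.115.121.1.15),
# which does permit caseIgnoreSubstringsMatch. Load with:
#   ldapadd -Y EXTERNAL -H ldapi:/// -f certsubject.ldif
dn: cn=certsubject,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: certsubject
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'certSubjectDN'
  DESC 'Subject DN of the smart-card certificate as an RFC 4514 string'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'pkiUser'
  DESC 'Auxiliary class carrying the certificate subject DN'
  SUP top AUXILIARY
  MAY certSubjectDN )
```

With the attribute defined this way, a filter such as (certSubjectDN=CN=lastname.firstname*) is accepted and matched case-insensitively, as it is against Active Directory. Two caveats for the PKI use case: first, once the value is a Directory String the server no longer normalizes it as a DN (case of attribute types, spaces around commas, escaping), so store exactly the RFC 4514 string the web server presents, or canonicalize both sides yourself; second, for authentication a prefix filter is a poor identity check, because CN=lastname.firstname* also matches CN=lastname.firstname2 or the same CN under a different OU. Map a certificate to an account with an equality match on the full subject DN and treat anything other than exactly one result as a failed login; use the substring rule for administrative lookups only.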