Searching the DIT

Like relational and other database types LDAP provides a query language to filter result entries.

exercise No. 3

Filtering child elements

Q:

Create LDAP queries corresponding to the following descriptions:

  1. All users entries within the whole DIT having a gidNumber value of 100.

  2. All user entries belonging to the billing department having a uid value greater than 1023.

  3. All user entries within the whole DIT having a common name containing the substring ei.

  4. All user entries within the whole DIT belonging to gidNumber == 100 or having a uid value starting with letter t.

Hint: Apache Directory Studio allows both for filtering and searching providing nifty features like attribute name completion and syntax highlighting. For regular searches you may define:

  • The DIT entry to start from being identified by its DN.

  • The search scope being either of object, one level or subtree.

  • Boolean expressions based on attribute values.

But yes, I forgot to mention something.

A:

  1. All users entries within the whole DIT having a gidNumber value of 100.

    Solution: (gidNumber=100), starting from top of DIT having subtree scope.

  2. All user entries belonging to the billing department having a uid value greater than 1023.

    Solution: (uidNumber>=1024) starting from DN ou=billing,dc=hdm-stuttgart,dc=de and scope one level.

    Notice the expression (uidNumber>=1024) in favour of the seemingly equivalent but syntactically illegal counterpart (uidNumber>1023).

  3. All user entries within the whole DIT having a common name containing the substring ei.

    Solution: (cn=*ei*), starting from top of DIT having subtree scope.

  4. All user entries within the whole DIT belonging to gidNumber == 100 or having a uid value starting with letter t.

    Solution: (|(gidNumber=100)(uid=t*)), starting from top of DIT having subtree scope.