Tobias Prinz wrote: > I am just starting with LDAP, but there is some basic thing that I do not > understand and that does not make sense at all: > > I have got an OpenLDAP server and it does contain data. > > This search returns a bunch of results: > ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com > -LLL '(gidNumber=500)' > > Yet this returns no results: > ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com > -LLL '(gidNumber>=500)' > > So I invert it and this returns no results either: > ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com > -LLL '(!(gidNumber>=500))' > > This simply fails (okay, I knew that, but at least I know the ones above are > not syntax errors, because the greater-sign alone is not defined as a filter > in RFC 1960 nor RFC 4515): > ldapsearch -x -v -H ldap://localhost -b ou=something,dc=domainname,dc=com > -LLL '(gidNumber>499)' > > Can someone point me in the right direction, please?
In general: To make greater-than or smaller-than filters work there has to be an ORDERING matching rule defined for the attribute types in question. In particular for gidNumber: The ORDERING matching rules for uidNumber and gidNumber were added to schema_prep.c recently (OpenLDAP release 2.4.25, see also ITS#6852). So you probably have to upgrade. Ciao, Michael.
