ldap equal filtrer search for an attribute with alpha numeric value failing

This topic has 9 replies, 4 voices, and was last updated 2 years, 1 month ago by Chris Ridd.

  • Author
    Posts
  • #22348

    Consider the two entries :
    1)
    dn: ou=system,ou=test,dc=ent,dc=my,dc=com
    createdbyuser: rootAgent
    createdondate: 31-May-2018 15:58:31 IST
    name: system1
    objectClass: top
    objectClass: orgentity
    objectClass: organizationalUnit
    ou: system

    2)
    dn: ou=system,ou=test,dc=ent,dc=my,dc=com
    createdbyuser: rootAgent
    createdondate: 31-May-2018 15:58:31 IST
    name: example/system1
    objectClass: top
    objectClass: orgentity
    objectClass: organizationalUnit
    ou: system

    My search query:
    (&
    (ou:dn:=system)
    (name=system1)
    (objectclass=orgentity)
    )

    Expected : Only first (1) entry should be the output

    Actual: But we are getting both the entries,

    why?

    #22349
     JnRouvignac
    Participant

    Hello,

    The following test works as you expect:

    @Test
    public void test() throws Exception {
    Entry e1 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Entry e2 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    SearchFilter f = SearchFilter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matchesEntry(e1)).isTrue();
    assertThat(f.matchesEntry(e2)).isFalse();
    }

    Same thing with the SDK:

    @Test
    public void test() throws Exception {
    org.forgerock.opendj.ldap.Entry e1 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    org.forgerock.opendj.ldap.Entry e2 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Filter f = Filter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matcher().matches(e1)).isEqualTo(ConditionResult.TRUE);
    assertThat(f.matcher().matches(e2)).isEqualTo(ConditionResult.FALSE);
    }

    I am not sure how you are seeing this behaviour?
    Which version are you using?

    • This reply was modified 2 years, 1 month ago by JnRouvignac.
    #22351
     JnRouvignac
    Participant

    Hello,

    The following test works as you expect:

    `
    @Test
    public void test() throws Exception {
    Entry e1 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Entry e2 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    SearchFilter f = SearchFilter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matchesEntry(e1)).isTrue();
    assertThat(f.matchesEntry(e2)).isFalse();
    }
    `

    Same thing with the SDK:
    `
    @Test
    public void test() throws Exception {
    org.forgerock.opendj.ldap.Entry e1 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    org.forgerock.opendj.ldap.Entry e2 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Filter f = Filter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matcher().matches(e1)).isEqualTo(ConditionResult.TRUE);
    assertThat(f.matcher().matches(e2)).isEqualTo(ConditionResult.FALSE);
    }
    `

    I am not sure how you are seeing this behaviour?
    Which version are you using?

    #22352
     JnRouvignac
    Participant

    Hello,

    The following test works as you expect:

    @Test
    public void testServer() throws Exception {
    Entry e1 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Entry e2 = TestCaseUtils.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    SearchFilter f = SearchFilter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matchesEntry(e1)).isTrue();
    assertThat(f.matchesEntry(e2)).isFalse();
    }

    #22353
     JnRouvignac
    Participant

    Same thing with the SDK:

    @Test
    public void testSDK() throws Exception {
    org.forgerock.opendj.ldap.Entry e1 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    org.forgerock.opendj.ldap.Entry e2 = org.forgerock.opendj.ldap.Entries.makeEntry(
    “dn: ou=system,ou=test,dc=ent,dc=my,dc=com”,
    “createdbyuser: rootAgent”,
    “createdondate: 31-May-2018 15:58:31 IST”,
    “name: example/system1”,
    “objectClass: top”,
    “objectClass: orgentity”,
    “objectClass: organizationalUnit”,
    “ou: system”);

    Filter f = Filter.valueOf(
    “(&” +
    “(ou:dn:=system)” +
    “(name=system1)” +
    “(objectclass=orgentity)” +
    “)”);

    assertThat(f.matcher().matches(e1)).isEqualTo(ConditionResult.TRUE);
    assertThat(f.matcher().matches(e2)).isEqualTo(ConditionResult.FALSE);
    }

    #22354
     JnRouvignac
    Participant

    I am not sure how you are seeing this behaviour?
    What are you doing exactly?
    Which version are you using?

    #22355
     aloysiustany
    Participant

    Version of OpenDj is 3.5

    • This reply was modified 2 years, 1 month ago by aloysiustany.
    #22369

    @jnrouvignac
    Entries are as following:
    1)
    dn: ou=activityA,ou=project,ou=rajat,dc=ent,dc=example,dc=com
    objectClass: organizationalUnit
    objectClass: orgentityactivity
    objectClass: top
    activitystatus: true
    name: activityA
    ou: activityA

    2)
    dn: ou=activityA,ou=pmt,ou=project,ou=rajat,dc=ent,dc=example,dc=com
    objectClass: organizationalUnit
    objectClass: orgentityactivity
    objectClass: top
    activitystatus: true
    name: pmt/activityA
    ou: activityA

    And i am trying to execute a search filter :

    (&
    (name=activityA)
    (!
    (ou:dn:=activities)
    )
    )

    the result should be entry 1.
    But i get both of them as the result.

    #22379
     Chris Ridd
    Participant

    Your new test entries are different from your original test entries…

    As has been pointed out in the other thread, this is because you are using (misusing!) the LDAP “name” attribute type. DS is matching “activityA” in the “ou” attribute type, as “ou” is a subtype of “name”. See RFC 4519 section 2.20

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?