I'm hoping this is an easy question for any LDAP experts out there.
I'm using java, SearchDirContext's and a string builder to put together a query that looks like:
(|(givenName=smith*)(sn=smith*)(middleName=smith*)(mail=smith*)(telephoneNumber=smith*)(buildingName=smith*)(department=smith*)(major=smith*)(minor=smith*))
. The idea being to allow a user to search with a single string and get results matching any of those attributes.
The query completes successfully but with inaccurate results. For example if I search for myself (I know my record exists)...
- by last name I get no results
- by first name (which there should be hundreds of results for) I get a small subset (9) which does not include my entry.
I would like to first eliminate any possibility for issues with my query, if you would like more information/code snippits of the execution of the code let me know and I can provide it.
Also please keep in mind I am a strong advocate of doing things correctly and am willing to modify any part of my code to make things more efficient.
------------------- (EDIT) So the syntax is correct.... (EDIT)--------------------
Here is some code around my query, maybe this can determine if my results are getting cutoff.
try {
context = ldapPooler.getContext(); // Returns a custom SearchDirContext object wrapping a javax.naming.DirContext.
SearchControls controls = new SearchControls();
controls.setCountLimit(maxResultCount);
Integer resultCount = 0;
// They try block is from an example found at
// http://www.java2s.com/Code/Java/JNDI-LDAP/howtoperformasearchandlimitthenumberofresultsreturned.htm
// The goal was to limit the results.
try {
logger.debug("Finished w/the search string: " + ldapSearchString);
@SuppressWarnings("unchecked")
NamingEnumeration<SearchResult> result = context.search("ou=People", ldapSearch开发者_如何学CString, controls);
// SearchDirContext.search simply calls DirContext.search with the passed attributes.
while (result.hasMore()) {
searchResults.add(result.next());
resultCount++;
}
logger.debug("Found results: " + resultCount);
} catch (LimitExceededException lee) {
logger.debug("Caught LimitExceededException w/resultCount: " + resultCount);
if (resultCount == maxResultCount) {
logger.debug("Found " + resultCount + " results.");
} else {
logger.debug("In the else....not throwing an exception. Found " + resultCount + " results.");
}
} finally {
context.close();
}
} catch (NamingException ne) {
logger.error("Caught a NamingException while gettingContactCardsBySearchString(" + searchString + ")");
throw new LdapLookupFailedException(ne);
} catch (Exception e) {
logger.error("Caught Exception while gettingContactCardsBySearchString(" + searchString + ")");
throw new LdapLookupFailedException(e);
}
Your filter syntax is correct as per RFC 4515. I suggest you don't put the test values in the search string. Use the {0}, {1} notation and supply the values as arguments to search(). You may be running up against paginated search results when you get fewer than expected. I would test your filters with an independent LDAP client such as JXplorer.
Turns out this was a permissions issue. The account created did not have access to the attributes I was searching. I would be interested to know what the expected result of a query on attributes the authenticated user doesn't have access to are, if anyone out there wants to post that would be great. Otherwise I guess I learned a little about LDAP through this whole deal, thanks for taking the time to try and help!
精彩评论