[ldapvi] multiple organizations in base
Aleksander Adamowski
aleksander.adamowski at gmail.com
Fri Dec 11 15:35:35 CET 2009
On Fri, Dec 11, 2009 at 3:15 PM, Dale Harris <rodmur at gmail.com> wrote:
>
> Oh, yeah, the $1 is a shell substitution. But that isn't the problem. And, yes, the ldapsearch isn't part of the standard Solaris install. Here's the documentation:
>
> http://docs.sun.com/source/816-6400-10/lsearch.html
>
> It's provided by the Sun ONE Directory Server.
No mention in this documentation about support for multiple base DNs.
But I suspect that there isn't any - read below.
>
> The shell substitution works just fine, but I cannot access the data like this ldapsearch does with ldapvi. Ldapvi specifically doesn't seem to understand the multiple "o's", I suppose I may need to provide an strace and more debug info, I'll do that later.
I think you misunderstand some concepts and have mistaken RDN
components of a DN for alternative values.
The DN specifies a path in a directory tree, with deeper elements
placed to the left.
So in the sample you've provided, the DN
piPStoreOwner=$1,o=somewhere.org,o=PiServerDb, it doesn't mean that
o=somewhere.org and o=PiServerDb are alternative values.
In this example, o=somewhere.org is a child entry of the o=PiServerDb,
which is at the top of the tree. It's not as you imply that they would
be side-by-side on the same level.
The fact that the corresponding directory tree entries have the same
attributeTypes used as their naming attributes (the o attributeType)
in RDN is purely a coincidence.
This example base DN denotes a _single directory entry_ and isn't much
different from e.g. piPStoreOwner=$1,o=somewhere.org,cn=PiServerDb.
To make it clear, there's no multiple base DN's involved in the
example that you have provided.
Only a single DN, denoting a single entry, whose ancestors have the
same naming attributeType simply by coincidence.
If you want ldapvi search to operate on a larger section of your
directory tree, simply use a base DN which is rooted higher in the
hierarchy, e.g. o=somewhere.org,o=PiServerDb , which is one level
higher than piPStoreOwner=$1,o=somewhere.org,o=PiServerDb.
Or o=PiServerDb, which is one level higher than o=somewhere.org,o=PiServerDb.
True, you can have multiple trees on a single LDAP server, but you
can't query them in parallel using any ldapsearch implementation that
I'm aware of. And no such case is visible in your example - your
example is a single query against a single base DN.
Have a read of the "Understanding LDAP" book from IBM, specifically
the chapters on informational and naming models:
http://www.google.pl/search?q=redbooks+understanding+ldap+data+model
>
> On Fri, Dec 11, 2009 at 5:36 AM, Aleksander Adamowski <aleksander.adamowski at gmail.com> wrote:
>>
>> On Fri, Dec 11, 2009 at 3:28 AM, Dale Harris <rodmur at gmail.com> wrote:
>>>
>>> Hi folks,
>>>
>>> I was wondering how I do something in ldapvi. The Solaris version of ldapsearch utility can do
>>> something like:
>>>
>>> ldapsearch -b piPStoreOwner=$1,o=somewhere.org,o=PiServerDb objectclass=*
>>>
>>> with base multiple o='s, or organizations. I can't seem to do this in ldapvi. Or does anyone have an example how I might do this in ldapvi?
>>
>> I don't think there's any specific version of ldapsearch in Solaris. More likely, you're referring to some common implementation, like OpenLDAP's. Is that so?
>> The example you've provided looks like ordinary shell variable substitution, and it doesn't matter whether you apply it to ldapsearch's arguments, ldapvi's, or for that matter, any other shell command's (for example ls).
>> Hope that helps,
>> --
>> Aleksander Adamowski
>> http://olo.org.pl
>
>
>
> --
> Dale Harris
> rodmur at maybe.org
> rodmur at gmail.com
> /.-)
--
Aleksander Adamowski
http://olo.org.pl
More information about the ldapvi
mailing list