Rich Megginson wrote:
I think the problem is that having !(associatedDomain=somevalue) does not imply (associatedDomain=*). Do you want to search for entries that have associatedDomain and !(associatedDomain=somevalue)?Try a search filter like'(&(associatedDomain=*)(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com)))'
The filter I have is testing whether a specific known domain exists in the directory, with the extra proviso that the name of the domain is not allowed to be the name of the machine itself (thus the not part).
So it should be (&(associatedDomain=example.com)(!(associatedDomain=machine.example.com))).
Am I correct in understanding that the first part of your query above (associatedDomain=*) will limit the results within which to search for the rest of the query?
That should first find only the entries that have the associatedDomain attribute.If that doesn't work, try a sub-filter like(&(associatedDomain=*)(&(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com))))Otherwise, I'm not sure - not filters are problematic in this manner.
Hmmm... I have a second query, which could be problematic, that looks like this:
(&(|(mail=%s)(mailAlternateAddress=%s))(!(mailHost=$myhostname)))The idea is that if the mail is known to the LDAP server (and thus the mail cluster), but is not hosted on this local box, the mail will be delivered to the box in the cluster that does host the mail.
The trouble is, just doing a (!(mailHost=$myhostname)) is likely to potentially return a lot of records, however the and part before it should isolate the exact user first, thus removing the need to query the entire directory to work out the not.
Does the directory do any kind of query optimisation while evaluating a search query?
Regards, Graham --
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
