• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

LDAP question on syntax in search filter

 
Ranch Hand
Posts: 387
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is my first attempt in trying to query our LDAP server for AD info. When I am trying to query the LDAP server here is what I'm trying to retrieve:

I am trying to retrieve all active employees with a countlimit of 500 records whose displayname starts with "sav", has an email address and has a userAccountControl attribute of 512. The problem I'm encountering is that I'm only getting back 8 records total. I should literally be getting back at least 35+ records.

I'm sure I've done something wrong in my syntax but I cannot find what it is. Any HELP/DIRECTION would be appreciated.

After googling I've defined the SEARCH FILTER as:



Please see my complete method below:



 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would suggest looking at the 8 records you did get and the others that you expected to get but didn't get, and try to see what's the difference between the two sets. It could be something as obscure as trailing blanks in one of the attributes.

You could also remove the call to "setCountLimit" to see if that's limiting what you get back. Perhaps the count limit applies to the total count before the search filter is applied? Yes, I know that's a wild guess and I haven't read the API docs and so on...
 
Melinda Savoy
Ranch Hand
Posts: 387
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Paul,

I should only be getting back 10 records and I got 8. I looked at the 2 that were different and did not come back and they each had an email address and each had a userAccountControl value of 512. I did not notice ANY trailing or leading white spaces.

If there were any, how can I trim them in my search filter? Thanks again for your help and time in responding. Regards.
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The possible reasons for the LDAP thing ignoring some records which you think should be included aren't limited to rogue whitespace. There could be others. I have no idea what they might be, though, that's why I suggested you look at the ignored records.

If you don't see anything different (even after you look at the attributes which you didn't think you were selecting) then try different queries which you think should select a certain subset of records and see what happens. Try making a query with some of the criteria removed from your original query, or with different criteria added and see if you get what you think you should get.
 
Melinda Savoy
Ranch Hand
Posts: 387
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Paul, thanks for all the help. I downloaded a free AD tool to view all in AD that I needed and it showed me that the data was not the problem but I was just not hitting all the OU's that I needed because there is NOT just 1 OU where all our users are stored.

Consequently, after googling some more I found a page on the Oracle site regarding LDAP and I changed my LDAPContext to DirContext for my connection to do searches within the directory as well as using this context's REFERRAL and set the value to "follow" to avoid the PartialSearchException.

I thought I'd post my findings just in case some other newbie ran into the same issue.

If you see a downside to the changes I made please let me know. Regards.

Here is my corrected connection method that I did not include above:



Please see my corrected method below:

reply
    Bookmark Topic Watch Topic
  • New Topic