Rich Megginson wrote:
I think the problem is that having !(associatedDomain=somevalue) does
not imply (associatedDomain=*). Do you want to search for entries that
have associatedDomain and !(associatedDomain=somevalue)?
Try a search filter like
'(&(associatedDomain=*)(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com)))'
The filter I have is testing whether a specific known domain exists in
the directory, with the extra proviso that the name of the domain is not
allowed to be the name of the machine itself (thus the not part).
So it should be
(&(associatedDomain=example.com)(!(associatedDomain=machine.example.com))).
Am I correct in understanding that the first part of your query above
(associatedDomain=*) will limit the results within which to search for
the rest of the query?
That should first find only the entries that have the
associatedDomain
attribute.
If that doesn't work, try a sub-filter like
(&(associatedDomain=*)(&(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com))))
Otherwise, I'm not sure - not filters are problematic in this manner.
Hmmm... I have a second query, which could be problematic, that looks
like this:
(&(|(mail=%s)(mailAlternateAddress=%s))(!(mailHost=$myhostname)))
The idea is that if the mail is known to the LDAP server (and thus the
mail cluster), but is not hosted on this local box, the mail will be
delivered to the box in the cluster that does host the mail.
The trouble is, just doing a (!(mailHost=$myhostname)) is likely to
potentially return a lot of records, however the and part before it
should isolate the exact user first, thus removing the need to query the
entire directory to work out the not.
Does the directory do any kind of query optimisation while evaluating a
search query?
Regards,
Graham
--