-------- Original Message --------

Subject:	Re: [LDAP-interop] LDAPv3 NOT search filter behavior
Resent-Date:	Fri, 1 Jul 2005 17:33:29 +0000 (GMT)
Resent-From:	richm@stanfordalumni.org
Date:	Fri, 01 Jul 2005 12:33:26 -0500
From:	Benjamin Lewis <bhlewis@purdue.edu>
To:	richm@stanfordalumni.org, OpenLDAP interoperability list <ldap-interop@fini.net>
CC:	quanah@stanford.edu

On July 1 2005, Rich Megginson wrote:

> What happens if you specify the uid attribute to be returned?

The uid attribute is returned for those entries that have one.

> ldapsearch "(!(uid=quanah))" uid
> ?  Does it return only those entries that have a uid attribute?  Does 
> OpenLDAP omit entries from the search results that match the search 
> filter but do not contain the attribute listed in the attribute list in 
> the search request?

No.  You might use something like '(&(uid=*)(!(uid=quanah)))' to
return only the entries that have a uid attribute.  It would probably
be better to use objectClass to restrict the search to the type of
objects you're looking for.  Perhaps something like
'(&(objectclass=posixAccount)(!(uid=quanah)))'.

-Ben

-- 
Benjamin Lewis <bhlewis@purdue.edu>
Security Analyst, Identity and Access Management
IT Security and Privacy
Purdue University