问题描述
我希望这对任何LDAP专家来说都是一个简单的问题。
I'm hoping this is an easy question for any LDAP experts out there.
我正在使用java,SearchDirContext和字符串构建器来组合一个看起来像这样的查询:
(|(givenName =史密斯*)(SN =史密斯*)(中间名=史密斯*)(邮件=史密斯*)(telephoneNumber =史密斯*)(buildingName =史密斯*)(部门=史密斯*)(大=史密斯*)(小=史密斯* ))
。这个想法是允许用户使用单个字符串进行搜索并获得与这些属性中的任何一个匹配的结果。
I'm using java, SearchDirContext's and a string builder to put together a query that looks like: (|(givenName=smith*)(sn=smith*)(middleName=smith*)(mail=smith*)(telephoneNumber=smith*)(buildingName=smith*)(department=smith*)(major=smith*)(minor=smith*))
. The idea being to allow a user to search with a single string and get results matching any of those attributes.
查询成功完成但结果不准确。例如,如果我搜索自己(我知道我的记录存在)......
The query completes successfully but with inaccurate results. For example if I search for myself (I know my record exists)...
- 按姓氏我没有结果
- 按名字(应该有数百个结果)我得到一个小子集(9),不包括我的条目。
我想首先消除查询问题的任何可能性,如果你想了解更多关于代码执行的信息/代码信息让我知道并且我可以提供它。
I would like to first eliminate any possibility for issues with my query, if you would like more information/code snippits of the execution of the code let me know and I can provide it.
另外请记住,我是一个正确做事的强烈倡导者,我愿意修改我的代码的任何部分,以提高效率。
Also please keep in mind I am a strong advocate of doing things correctly and am willing to modify any part of my code to make things more efficient.
-------------------(编辑)所以语法正确....(编辑)---------- ----------
------------------- (EDIT) So the syntax is correct.... (EDIT)--------------------
这是我查询的一些代码,也许这可以确定我的结果是否会被截止。
Here is some code around my query, maybe this can determine if my results are getting cutoff.
try {
context = ldapPooler.getContext(); // Returns a custom SearchDirContext object wrapping a javax.naming.DirContext.
SearchControls controls = new SearchControls();
controls.setCountLimit(maxResultCount);
Integer resultCount = 0;
// They try block is from an example found at
// http://www.java2s.com/Code/Java/JNDI-LDAP/howtoperformasearchandlimitthenumberofresultsreturned.htm
// The goal was to limit the results.
try {
logger.debug("Finished w/the search string: " + ldapSearchString);
@SuppressWarnings("unchecked")
NamingEnumeration<SearchResult> result = context.search("ou=People", ldapSearchString, controls);
// SearchDirContext.search simply calls DirContext.search with the passed attributes.
while (result.hasMore()) {
searchResults.add(result.next());
resultCount++;
}
logger.debug("Found results: " + resultCount);
} catch (LimitExceededException lee) {
logger.debug("Caught LimitExceededException w/resultCount: " + resultCount);
if (resultCount == maxResultCount) {
logger.debug("Found " + resultCount + " results.");
} else {
logger.debug("In the else....not throwing an exception. Found " + resultCount + " results.");
}
} finally {
context.close();
}
} catch (NamingException ne) {
logger.error("Caught a NamingException while gettingContactCardsBySearchString(" + searchString + ")");
throw new LdapLookupFailedException(ne);
} catch (Exception e) {
logger.error("Caught Exception while gettingContactCardsBySearchString(" + searchString + ")");
throw new LdapLookupFailedException(e);
}
推荐答案
原来这是权限问题。创建的帐户无权访问我正在搜索的属性。我很想知道对经过身份验证的用户无法访问的属性的查询的预期结果是什么,如果那里的任何人想要发布那将是伟大的。否则,我想我通过整个交易了解了一些关于LDAP的内容,感谢您花时间尝试并提供帮助!
Turns out this was a permissions issue. The account created did not have access to the attributes I was searching. I would be interested to know what the expected result of a query on attributes the authenticated user doesn't have access to are, if anyone out there wants to post that would be great. Otherwise I guess I learned a little about LDAP through this whole deal, thanks for taking the time to try and help!
这篇关于LDAP多个或语法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!