ldapsdk icon indicating copy to clipboard operation
ldapsdk copied to clipboard
verified publisher icon pingidentity

How to search entry by operational attribute (PrimaryGroupToken)?

Open gredwhite opened this issue 2 years ago • 2 comments

I have following snippet

val entry = ldapConnectionPool.getEntry(groupNn, SearchRequest.ALL_USER_ATTRIBUTES, "PrimaryGroupToken")
val primaryGroupToken = entry.getAttributeValue("PrimaryGroupToken")

primaryGroupToken equals 550 after execution

Then I want to find the same entry by PrimaryGroupToken

ldapConnectionPool.searchForEntry(SearchRequest(dn, SearchScope.SUB, "PrimaryGroupToken=$primaryGroupToken"))

but it returns null. Is there way to find entry by PrimaryGroupToken ?

gredwhite avatar Aug 23 '23 07:08 gredwhite

If the searchForEntry method is returning null, then that means that the search succeeded, but didn't return any entries. The most likely reason for that is:

  • The search request that you're issuing doesn't match any entries.
  • The search request does match one or more entries, but the requester doesn't have permission to retrieve them, so the server omits them from the results.

While I suppose that it's not out of the realm of possibility that the LDAP SDK is sending a request that is somehow different from what you intended, or that it's somehow mishandling the results, I think that it's overwhelmingly unlikely that this is a problem with the LDAP SDK, and instead is an issue with the search that you're performing. Unless you have reason to suspect a problem in the LDAP SDK, questions like this are much more appropriate for Microsoft, who make Active Directory and are much more familiar with its behaviors and eccentricities, than it is for a forum that is specific to the UnboundID LDAP SDK for Java.

dirmgr avatar Aug 23 '23 14:08 dirmgr

If the searchForEntry method is returning null, then that means that the search succeeded, but didn't return any entries. The most likely reason for that is:

  • The search request that you're issuing doesn't match any entries.
  • The search request does match one or more entries, but the requester doesn't have permission to retrieve them, so the server omits them from the results.

While I suppose that it's not out of the realm of possibility that the LDAP SDK is sending a request that is somehow different from what you intended, or that it's somehow mishandling the results, I think that it's overwhelmingly unlikely that this is a problem with the LDAP SDK, and instead is an issue with the search that you're performing. Unless you have reason to suspect a problem in the LDAP SDK, questions like this are much more appropriate for Microsoft, who make Active Directory and are much more familiar with its behaviors and eccentricities, than it is for a forum that is specific to the UnboundID LDAP SDK for Java.

Thank you foe your response. Could you give me a hint what is more suitable place for such questions ?

gredwhite avatar Aug 24 '23 07:08 gredwhite