0

I have a list of DNs, and for performance reasons I want to retrieve the attributes of every DN in the list in a single trip to the LDAP server.

Seems like searching by DN, i.e., using DN as a filter search, is not possible:

Using DN in Search Filter

http://www.openldap.org/lists/openldap-software/200503/msg00520.html

...is there any alternative?

user454322

2 Answers

4

Sure you can.

ldapsearch -h <ldaphost> -b "cn=joe,dc=yourdomain,dc=com" -s base -D cn=admin,dc=yourdomain,dc=com -W "(objectclass=*)" "*"

Will retrieve all user attributes for the DN: cn=joe,dc=yourdomain,dc=com.

But, for the list, you would need to repeat the search for each one. We often do this in a bash script.

Can you use a filter to identify which DNs you need?

-jim

jwilleke
  • Thanks for your answer, jim. Perhaps the question is not clear; what I am trying to avoid is the _need to repeat the search for each one_. – user454322 Feb 07 '13 at 17:52
  • AFAIK, you have no choice. This should not be a significant issue for the LDAP server as each search by DN should be only a few milliseconds. – jwilleke Feb 08 '13 at 11:37
  • Thanks again @jwilleke. Sure it won't be a problem for the LDAP server, but there would be a network overhead. This becomes an issue with tens of thousands of DNs. – user454322 Mar 15 '17 at 06:13
0

Seems like it is only possible in Active Directory. All I had to do is filter by the distinguishedName attribute; however, in my tests there was no performance gain.

Active Directory includes the distinguishedName attribute on every object; the value is the object's DN. The following example elaborates the previous example to include a value of distinguishedName on each object.

http://msdn.microsoft.com/en-us/library/cc223167.aspx

user454322
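The distinguishedName filter from the answer above, extended to a whole list of DNs, as an added example (not code from either poster). It assumes Active Directory; the function names, `BATCH_SIZE` and the sample DNs are hypothetical. DNs are escaped per RFC 4515 before they go into the filter, because a DN containing `\`, `(`, `)` or `*` would otherwise change the filter's meaning.

```python
# Added example: batch several DN lookups into OR filters on distinguishedName.
# Assumes Active Directory; names, BATCH_SIZE and sample DNs are constructed.

BATCH_SIZE = 500  # assumed chunk size; tune to the server's request-size limits

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def dn_filter(dns):
    """Return one filter that matches any of the given DNs."""
    terms = [f"(distinguishedName={escape_filter_value(dn)})" for dn in dns]
    if not terms:
        raise ValueError("at least one DN is required")
    # A single term needs no OR wrapper.
    return terms[0] if len(terms) == 1 else "(|" + "".join(terms) + ")"


def batched_filters(dns, size=BATCH_SIZE):
    """Yield filters covering all DNs, with at most `size` DNs per search."""
    unique = list(dict.fromkeys(dns))  # drop duplicates, keep order
    for i in range(0, len(unique), size):
        yield dn_filter(unique[i:i + size])


if __name__ == "__main__":
    sample = [  # constructed sample DNs
        "CN=joe,DC=yourdomain,DC=com",
        r"CN=Doe\, Jane,OU=Staff,DC=yourdomain,DC=com",  # DN-escaped comma
        "CN=x)(objectClass=*,DC=yourdomain,DC=com",      # filter metacharacters
    ]
    for ldap_filter in batched_filters(sample, size=2):
        print(ldap_filter)
```

Each generated filter is used in one subtree search from a base that contains all the listed DNs, so a batch costs one round trip instead of one per DN.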