TechQA.

How does ldapsearch sortorder work?

11.2k views Asked by At

With OpenDJ 2.6.0 using the ldapsearch wanted to get sorted data. I made several attempts, but the result was always sorted so the same

Simple sort asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn' -s sub "objectclass=*" cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Simple sort desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn' -s sub "objectclass=*" cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with OID asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn:2.5.13.15' -s sub "objectclass=*"
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with OID desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn:2.5.13.15' -s sub "objectclass=*"
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with name asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn:integerOrderingMatch' -s sub "objectclass=*"  cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with name desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn:integerOrderingMatch' -s sub "objectclass=*"  cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Am I doing something wrong or is this error ldapsearch / openDJ? Thank you in advance.

sorting ldap-query opendj
Original Q&A
1

There are 1 answers

1
Ludovic Poitou On BEST ANSWER

When using the -S option, the control is not marked as critical. If the server considers that the use is not allowed or not appropriate, it will ignore the control and proceed with the search (as stated in the LDAP RFC). I'm guessing that this is what you are experimenting. There can be at least 2 reasons for ignoring the control. The user doesn't have permission to use the control. In OpenDJ, the Server Side Control is only usable by authenticated users, not anonymous. There are too many entries to sort (default I think is set to 4000).

-S 'cn' and -S '-cn' worked as expected on my test OpenDJ server with 200 entries, authenticated as a user or as Directory Manager.

Related Questions in SORTING

Related Questions in LDAP-QUERY

Related Questions in OPENDJ

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions