[Fedora-directory-devel] Administrative limit exceeded with no results returned
Pierangelo Masarati
ando at sys-net.it
Thu Sep 25 17:06:02 UTC 2008
Graham Leggett wrote:
> Rich Megginson wrote:
>
>> I think the problem is that having !(associatedDomain=somevalue) does
>> not imply (associatedDomain=*). Do you want to search for entries
>> that have associatedDomain and !(associatedDomain=somevalue)?
>> Try a search filter like
>> '(&(associatedDomain=*)(associatedDomain=imausa.net)(!(associatedDomain=rachel.example.com)))'
>
>
> The filter I have is testing whether a specific known domain exists in
> the directory, with the extra proviso that the name of the domain is not
> allowed to be the name of the machine itself (thus the not part).
>
> So it should be
> (&(associatedDomain=example.com)(!(associatedDomain=machine.example.com))).
>
> Am I correct in understanding that the first part of your query above
> (associatedDomain=*) will limit the results within which to search for
> the rest of the query?
Apart from implementation issues, a filter like "(!(attr=value))"
matches all entries whose values of "attr" differ from "value", *and*
all entries without "attr" at all. That's why Rich's suggestion should
work. In fact, "(attr=*)" makes use of the "presence" index, while
"(!(attr=value))" makes use of the "equality" index. If the "look
through" limit applies to selected candidates, if you have presence
indexes in place for "attr" but no equality indexes, the difference
between your query and the one Rich suggested is exactly *all* - entries
with "attr", which could really make the difference between 7000 and 50.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando at sys-net.it
-----------------------------------
More information about the Fedora-directory-devel
mailing list