inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

Searching using attributes apart from CN #73

Closed harshasrisri closed 3 years ago

harshasrisri commented 3 years ago

Hi, I got my search working on an LDAP connection using a CN with this code:

        // let base_dn = ...;
        // let cn2search = ...;
        // let scope = Scope::Base;
        // let filter = ...;
        // let attrs = vec!["sn", "givenName", "directReports"];

        let query = format!("CN={},{}", cn2search, base_dn);
        let (rs, _res) = ldap_conn
            .search(query.as_str(), scope, filter.as_str(), attrs)
            .map_err(|e| {
                eprintln!("Search failed");
                e
            })?
            .success()
            .map_err(|e| {
                eprintln!("Search success failed");
                e
            })?;

The problem in the LDAP server is that the CN is not in a consistent format for all users. For example, it is a username in some cases, while it is a full name for others. So, I want to search with a more predictable attribute, like displayName, email, "givenName" or "sn".

However, modifying the query in the above code to use anything but the CN like this is throwing an error:

        let query = format!("displayName={},{}", dispName2search, base_dn);

Error:

Search success failed
...
LdapResult { 
    result: LdapResult { 
        rc: 32, 
        matched: "<my_base_dn>", 
        text: "0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'<my_base_dn>'\n\u{0}", 
        refs: [], 
        ctrls: [] 
    }
}',

Does the search query have to be on CN?

inejge commented 3 years ago

You won't find any entries named displayName=...,... if their names are of the form cn=...,.... Your search should use the bare base_dn, Scope::Subtree and displayName=... as the filter.
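The behaviour described in this answer, as an added example that is not part of the original thread or of ldap3's code: a toy in-memory directory that resolves a search in the order base object, scope, filter, which is why a base DN that names no entry yields rc 32 before any filter is considered. The entries, the `search` function and the local `Scope` enum are constructed stand-ins, and DN matching is simplified to a lowercase string comparison.

```rust
// Toy in-memory directory (constructed data, not a real server) that follows
// the order in which an LDAP search is resolved: base object, scope, filter.
#[derive(Clone, Copy)]
enum Scope { Base, Subtree } // local stand-in for ldap3::Scope

struct Entry { dn: &'static str, display_name: &'static str }

const NO_SUCH_OBJECT: u32 = 32; // the rc reported in the error above

// Constructed sample entries: every user entry is named by its cn.
const DIRECTORY: &[Entry] = &[
    Entry { dn: "ou=people,dc=example,dc=com", display_name: "" },
    Entry { dn: "cn=jdoe,ou=people,dc=example,dc=com", display_name: "Jane Doe" },
    Entry { dn: "cn=John Smith,ou=people,dc=example,dc=com", display_name: "John Smith" },
];

/// Search for entries whose displayName equals `wanted`.
/// Returns matching DNs, or Err(32) if `base` does not name an existing entry.
fn search(base: &str, scope: Scope, wanted: &str) -> Result<Vec<&'static str>, u32> {
    // Simplification: DNs are compared as lowercased strings.
    let base_lc = base.to_lowercase();
    // Step 1: the base must be the DN of an existing entry.
    if !DIRECTORY.iter().any(|e| e.dn.to_lowercase() == base_lc) {
        return Err(NO_SUCH_OBJECT);
    }
    let suffix = format!(",{}", base_lc);
    Ok(DIRECTORY
        .iter()
        // Step 2: the scope selects candidate entries relative to the base.
        .filter(|e| {
            let dn = e.dn.to_lowercase();
            match scope {
                Scope::Base => dn == base_lc,
                Scope::Subtree => dn == base_lc || dn.ends_with(&suffix),
            }
        })
        // Step 3: the filter is evaluated against the candidates' attributes.
        .filter(|e| e.display_name.eq_ignore_ascii_case(wanted))
        .map(|e| e.dn)
        .collect())
}

fn main() {
    let base = "ou=people,dc=example,dc=com";
    // displayName used as a naming attribute: no entry has that DN.
    println!("{:?}", search(&format!("displayName=Jane Doe,{}", base), Scope::Base, "Jane Doe"));
    // Bare base DN, subtree scope, displayName as the filter.
    println!("{:?}", search(base, Scope::Subtree, "Jane Doe"));
}
```

When the value placed in a real filter comes from user input, pass it through `ldap3::ldap_escape` before formatting it into the filter string, so that characters such as `*`, `(` and `)` are matched literally instead of changing the filter.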

harshasrisri commented 3 years ago

This is brilliant! Again, can't thank you enough for this library. You're helping me learn LDAP :-) I have one more pressing question and I'll open another issue for it.