How to search entry by operational attribute (PrimaryGroupToken)?

pingidentity / ldapsdk

UnboundID LDAP SDK for Java

Other

334 stars 81 forks source link

How to search entry by operational attribute (PrimaryGroupToken)? #152

Open gredwhite opened 1 year ago

gredwhite commented 1 year ago

I have following snippet

val entry = ldapConnectionPool.getEntry(groupNn, SearchRequest.ALL_USER_ATTRIBUTES, "PrimaryGroupToken")
val primaryGroupToken = entry.getAttributeValue("PrimaryGroupToken")

primaryGroupToken equals 550 after execution

Then I want to find the same entry by PrimaryGroupToken

ldapConnectionPool.searchForEntry(SearchRequest(dn, SearchScope.SUB, "PrimaryGroupToken=$primaryGroupToken"))

but it returns null. Is there way to find entry by PrimaryGroupToken ?

dirmgr commented 1 year ago

If the searchForEntry method is returning null, then that means that the search succeeded, but didn't return any entries. The most likely reason for that is:

The search request that you're issuing doesn't match any entries.
The search request does match one or more entries, but the requester doesn't have permission to retrieve them, so the server omits them from the results.

While I suppose that it's not out of the realm of possibility that the LDAP SDK is sending a request that is somehow different from what you intended, or that it's somehow mishandling the results, I think that it's overwhelmingly unlikely that this is a problem with the LDAP SDK, and instead is an issue with the search that you're performing. Unless you have reason to suspect a problem in the LDAP SDK, questions like this are much more appropriate for Microsoft, who make Active Directory and are much more familiar with its behaviors and eccentricities, than it is for a forum that is specific to the UnboundID LDAP SDK for Java.

gredwhite commented 1 year ago

If the searchForEntry method is returning null, then that means that the search succeeded, but didn't return any entries. The most likely reason for that is:

The search request that you're issuing doesn't match any entries.

The search request does match one or more entries, but the requester doesn't have permission to retrieve them, so the server omits them from the results.

While I suppose that it's not out of the realm of possibility that the LDAP SDK is sending a request that is somehow different from what you intended, or that it's somehow mishandling the results, I think that it's overwhelmingly unlikely that this is a problem with the LDAP SDK, and instead is an issue with the search that you're performing. Unless you have reason to suspect a problem in the LDAP SDK, questions like this are much more appropriate for Microsoft, who make Active Directory and are much more familiar with its behaviors and eccentricities, than it is for a forum that is specific to the UnboundID LDAP SDK for Java.

Thank you foe your response. Could you give me a hint what is more suitable place for such questions ?