dcreedy Absent Member.
Absent Member.
293 views

ldap query for users before 1970

We have an application that imports users from an ldap Source. The
vendor only supports 2 ldap providers.

When the application does a query it sets the crateTimeStamp to >
19691231000000.

This returns 0 results, also can duplicate it with Apache Directory studio.

Does anyone have a way to work around this? The Vendor is unwilling to
modify the jar, so we can not change the attribute or the value.

eDirectory 8.8 sp7 patch 4 hf1

Thank you


Daryl
Labels (1)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: ldap query for users before 1970

What is the purpose of their query specifying a createTimestamp at all?
Most objects in any directory were created after 1970 (since, well,
directories didn't exist for another decade or two, certainly not
LDAP-based ones) so this seems to be redundant at best, and a waste of
performance in most cases. Most of the time if you want to find all
objects you use 'objectclass=*' as the base filter.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ldap query for users before 1970

On Tue, 11 Mar 2014 19:20:19 +0000, Daryl Creedy wrote:

> We have an application that imports users from an ldap Source. The
> vendor only supports 2 ldap providers.
>
> When the application does a query it sets the crateTimeStamp to >
> 19691231000000.
>
> This returns 0 results, also can duplicate it with Apache Directory
> studio.


Trace the query and post the exact search filter they're using.


> Does anyone have a way to work around this? The Vendor is unwilling to
> modify the jar, so we can not change the attribute or the value.


Maybe mapping createTimeStamp to some other attribute in the LDAP Group
would work? Or switching vendors to one with fewer interesting ways of
using LDAP search filters? Decompile the Jar and fix it yourself?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ldap query for users before 1970


> When the application does a query it sets the
> crateTimeStamp to > 19691231000000.


Two things: first, I presume "crateTimeStamp" is simply a typo in the
posting. Secondly, the "... to > 1969...." is an invalid LDAP query
comparison for two reasons: LDAP does not support "greater than" but you
need to use "greater than or equals to," and the timestamp value
requires an ending "Z" to indicate its UTC (as per RFC) as its in
Generalized Time Syntax. Lastly, the time epoch used by eDir is same as
UNIX's, which means it starts at midnight of Jan 1, 1970 ... time to get
a new vendor that understands LDAP! 😛


--
--
-eDirectory Rules!-

Peter
www.DreamLAN.com
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=50231

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.