[tpop3d-discuss] Re: LDAP search scope (was: tpop3d v1.4.1pre4)
Prune
prune at lecentre.net
Mon, 25 Feb 2002 17:28:06 +0100
--------------060307070903080703000704
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Chris Lightfoot wrote:
>On Mon, Feb 25, 2002 at 05:14:24PM +0100, Prune wrote:
> [...]
>
>>the scope is 2 (sub).
>>
>
>Is this a useful thing to be able to configure?
>
no,
the scope is the way to tell ldap to search at the level specified in
the DN, or one level under, or all levels under.
ex :
ou=us
|
|
+--------------------+
ou=foo ou=bar
| |
+------------------+
uid=john uid=ben
If you specify as base dn : dn: ou=us
a search of scope 0 will return nothing, as you only have ou=us in this
scope
a scope of 1 will return ou=foo or ou=bar
a scope of 2 will return ou=foo, ou=bar, uid=john and uid=ben
Normaly, depending on your schema, you define the base DN as far as
possible. If you only want to authenticate users in ou=bar, that gives :
ou=bar,ou=us
there will be no difference between scope 1 or 2.
If you define something below uid=xxx, then you may need to change the
scope.... but I don't think this is used in ldap design.
Prune
--------------060307070903080703000704
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html>
<head>
</head>
<body>
<br>
<br>
Chris Lightfoot wrote:<br>
<blockquote type="cite" cite="mid:20020225162144.GA6132@aquila.esc.cam.ac.uk">
<pre wrap="">On Mon, Feb 25, 2002 at 05:14:24PM +0100, Prune wrote:<br> [...]<br></pre>
<blockquote type="cite">
<pre wrap="">the scope is 2 (sub).<br></pre>
</blockquote>
<pre wrap=""><!----><br>Is this a useful thing to be able to configure?<br><br></pre>
</blockquote>
no,<br>
<br>
the scope is the way to tell ldap to search at the level specified in the
DN, or one level under, or all levels under.<br>
ex : <br>
<br>
ou=us<br>
|<br>
|<br>
+--------------------+<br>
ou=foo ou=bar<br>
| |<br>
+------------------+<br>
uid=john uid=ben<br>
<br>
<br>
If you specify as base dn : dn: ou=us<br>
<br>
a search of scope 0 will return nothing, as you only have ou=us in this scope<br>
a scope of 1 will return ou=foo or ou=bar<br>
a scope of 2 will return ou=foo, ou=bar, uid=john and uid=ben<br>
<br>
Normaly, depending on your schema, you define the base DN as far as possible.
If you only want to authenticate users in ou=bar, that gives : ou=bar,ou=us<br>
there will be no difference between scope 1 or 2.<br>
<br>
If you define something below uid=xxx, then you may need to change the scope....
but I don't think this is used in ldap design.<br>
<br>
Prune<br>
</body>
</html>
--------------060307070903080703000704--