HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

561

562

563

564

565

566

567

568

569

570

manager=*

The following filter searches for entries containing the common name Ray Kultgen. This is

also known as an equality search:

cn=Ray Kultgen

The following filter returns all entries that do not contain the common name Ray Kultgen:

(!(cn=Ray Kultgen))

The following filter returns all entries that contain a description attribute that contains the

substring X.500:

description=*X.500*

The following filter returns all entries whose organizational unit is Marketing and whose

description field does not contain the substring X.500:

(&(ou=Marketing)(!(description=*X.500*)))

The following filter returns all entries whose organizational unit is Marketing and that have

Julie Fulmer or Cindy Zwaska as a manager:

(&(ou=Marketing)(|(manager=cn=Julie

Fulmer,ou=Marketing,dc=example,dc=com)

(manager=cn=Cindy Zwaska,ou=Marketing,dc=example,dc=com)))

The following filter returns all entries that do not represent a person:

(!(objectClass=person))

The following filter returns all entries that do not represent a person and whose common name

is similar to printer3b:

(&(!(objectClass=person))(cn~=printer3b))

B.4 Using persistent search

A persistent search is an ldapsearch which remains open even after the initial search results

are returned.

Persistent searches are especially useful for applications or clients which access the Directory

Server and provide two important benefits:

• Keep a consistent and current local cache.

Any client will query local cache before trying to connect to and query the directory. Persistent

searches provide the local cache necessary to improve performance for these clients.

• Automatically initiate directory actions.

The persistent cache can be automatically updated as entries are modified, and the persistent

search results can display what kind of modification was performed on the entry. Another

application can use that output to update entries automatically, such as automatically creating

an email account on a mail server for new users or generating a unique user ID number.

There are some performance considerations when running persistent searches, as well:

• The ldapsearch does not send a notification when the client disconnects, and the change

notifications are not sent for any changes made while the search is disconnected. This means

that the client's cache will not be updated if it is ever disconnected and there is no good way

to update the cache with any new, modified, or deleted entries that were changed while it

was disconnected.

• An attacker could open a large number of persistent searches to launch a denial of service

attack.

• A persistent search requires leaving open a TCP connection between the Directory Server

and client. This should only be done if the server is configured to allow a lot of client

connections and has a way to close idle connections.

562 Finding directory entries