Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Link Criteria with binary attribute comparison

63 views
Skip to first unread message

Dennis

unread,
Apr 29, 2004, 3:27:31 AM4/29/04
to
Hi,

I setup an AL with two connectors. First connector is used to connect Oracle
DB and retrieve ID entry iteratively. The second connector is used to
connect ID to lookup entry. In the Link Criteria tab, I add an criterion
like this:
id euqals $id (id is an attribute from IDS in binary format which $id is
the value retrieved from oracle in varchar2 formate)

When I run the above AL, the following error occurs:
javax.naming.NamingException: [LDAP: error code 92]; remaining name
'ou=users,ou=abc,o=hk'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3037)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2881)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2687)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1775)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1698)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.ja
va:385)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeD
irContext.java:346)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeD
irContext.java:331)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:251)
at com.ibm.di.connector.LDAPConnector.findEntry(Unknown Source)
at com.ibm.di.server.AssemblyLineComponent.lookup(Unknown Source)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source)
at com.ibm.di.server.AssemblyLine.run(Unknown Source)

However, if I change to another attribute other than binary type, it should
be ok. Do anyone know what the problem is?

Many thx
Dennis


Eddie Hartman

unread,
Apr 29, 2004, 4:38:38 AM4/29/04
to
Hi Dennis,

I have registered this as a bug, since IDI should hex encode
binary attributes used in Link Criteria.

You can do this yourself by setting up a scripted Link Criteria
which should look like this:

ret.filter = hexEncode( work.getString( "ID" ) );

and here is the hexEncode function:

function hexEncode( str ) {
return "\\" + system.toHex( str ).replace( " ", "\\" );
}

Hope this helps,

-Eddie

"Dennis" <ccdla...@yahoo.com.hk> wrote in message
news:c6qaso$3gk8$1...@news.boulder.ibm.com...

Eddie Hartman

unread,
Apr 29, 2004, 7:21:40 AM4/29/04
to
Oops. Perhaps a bit quick here. You will most like need to
use the work.getObject( "ID" ) method, since trying to
return a binary attribute as a string will not work.

I have not tried this myself, but I would assume that you
get back a byte array, and could then step through this
and build your hex encoded searchfilter. Note that each
hex value must be two-digit.

-Eddie

"Eddie Hartman" <eddie....@no.ibm.com> wrote in message
news:c6qetm$7ito$1...@news.boulder.ibm.com...

jmc...@us.ibm.com

unread,
Apr 29, 2004, 8:40:32 AM4/29/04
to
You may be running into a server limitation on the kinds of attributes
that kind be used in search filter. IDS, for example, does not support
the use of binary attributes in search filters and returns
LDAP_NOT_SUPPORTED (0x5C or 92).

John McMeeking

Dennis

unread,
Apr 29, 2004, 12:59:17 PM4/29/04
to
Hi John,

If I cannot use binary attribute for search filter even it is composed by
string characters, is there any work around solution to find an entry from
IDS with the provided plaintext ID?

Many thanks

Dennis

<jmc...@us.ibm.com> wrote in message
news:c6qt40$4rt6$1...@news.boulder.ibm.com...

jmc...@us.ibm.com

unread,
Apr 30, 2004, 10:18:03 AM4/30/04
to
Dennis,

Using the directory data and schema as-is, its pretty tough. If there's
something in the id that you can map to another attribute that has a
string syntax, you can search on the string attribute. Otherwise you're
pretty much left with trying individual entries one by one - either using
the LDAP compare operation or retrieving the entry and comparing values
yourself. I don't know if IDI supports compare directly, but it is using
JNDI, which does in a round-about way -- see
http://java.sun.com/products/jndi/tutorial/ldap/search/compare.html -- so
you might be able to coax IDI into doing a compare.

Your best bet, if you can do this, is to change the definition of the 'id'
attribute to use a string syntax. If you need to preserve existing data,
either dump the entire directory to a file (db2ldif) or do a ldapsearch to
return all entries matching (id=*) -- you can't search for specific
values, but you can use an existence filter. Then you need to delete the
attribute value from all these entries - don't remember if you need to
delete the entire entry. I hope not. Edit the schema (DMT or Web Admin)
to remove this attribute from any objectclasses that reference it. Delete
the attribute. Then add it back with the proper definition, edit the
objectclass(es) to include the attribute, and reload data (ldapmodify if
just setting the values).

That's all I can think of off hand.


John McMeeking

Christian Chateauvieux

unread,
May 2, 2004, 9:54:39 PM5/2/04
to
And to complete John's answer... ITDI 5.2 LDAP connector has got a raw
method to compare attributes. From the connector's hooks, you may try,
for example,

thisConnector.connector.compare("cn=joe,o=ibm", "userpassword",
"secret").

which would return true or false. Check the Javadoc/reference guide for
more info.

Christian

0 new messages