How does ldapsearch sortorder work?

sorting ldap-query opendj
kawu picture kawu · Jun 26, 2015 · Viewed 9k times · Source

With OpenDJ 2.6.0 using the ldapsearch wanted to get sorted data. I made several attempts, but the result was always sorted so the same

Simple sort asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn' -s sub "objectclass=*" cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Simple sort desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn' -s sub "objectclass=*" cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with OID asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn:2.5.13.15' -s sub "objectclass=*"
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with OID desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn:2.5.13.15' -s sub "objectclass=*"
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with name asc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '+cn:integerOrderingMatch' -s sub "objectclass=*"  cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Sort with name desc

./ldapsearch -b 'ou=people,dc=example,dc=com' -S '-cn:integerOrderingMatch' -s sub "objectclass=*"  cn
dn: ou=people,dc=example,dc=com

dn: cn=1000000,ou=people,dc=example,dc=com
cn: 1000000

dn: cn=1000000000001,ou=people,dc=example,dc=com
cn: 1000000000001

Am I doing something wrong or is this error ldapsearch / openDJ? Thank you in advance.

Answer

Ludovic Poitou picture Ludovic Poitou · Jul 7, 2015

When using the -S option, the control is not marked as critical. If the server considers that the use is not allowed or not appropriate, it will ignore the control and proceed with the search (as stated in the LDAP RFC). I'm guessing that this is what you are experimenting. There can be at least 2 reasons for ignoring the control. The user doesn't have permission to use the control. In OpenDJ, the Server Side Control is only usable by authenticated users, not anonymous. There are too many entries to sort (default I think is set to 4000).

-S 'cn' and -S '-cn' worked as expected on my test OpenDJ server with 200 entries, authenticated as a user or as Directory Manager.

Related questions

How do I sort a dictionary by value?

I have a dictionary of values read from two fields in a database: a string field and a numeric field. The string field is unique, so that is the key of the dictionary. I can sort on the keys, but …

Read More
Sort array of objects by string property value

I have an array of JavaScript objects: var objs = [ { first_nom: 'Lazslo', last_nom: 'Jamf' }, { first_nom: 'Pig', last_nom: 'Bodine' }, { first_nom: 'Pirate', last_nom: 'Prentice' } ]; How can I sort them by the value of last_nom in JavaScript? …

Read More
Sort a Map<Key, Value> by values

I am relatively new to Java, and often find that I need to sort a Map<Key, Value> on the values. Since the values are not unique, I find myself converting the keySet into an array, and sorting …

Read More