operation similar SQL's JOIN in LDAP?

"yawnmoth" <terra1024.RemoveThis@yahoo.com> wrote in message
news:f276579d-860d-4763-894f-f57b4db0c3a6@z72g2000hsb.googlegroups.com...
>I have two base DN's in an LDAP database. One of them contains an
> attribute called 'members' of type DN. I'd like to be able to take
> each of the values for 'members' and do a query with that, too.
>
> With SQL, you'd do this by doing a JOIN. eg.
>
> SELECT p.*
> FROM people p
> JOIN mailing_list ml
> ON ml.person_id = p.person_id
> WHERE ml.mail_id = whatever
>
> Or something like that.
>
> Is there something similar I can do in LDAP?

In my area (ADSI and ADO), both LDAP and SQL syntax queries are supported,
but SQL syntax is converted to LDAP syntax under the covers, and not all SQL
features are supported. JOIN's are not supported. I suspect this would be
true of any LDAP database.

Is a base DN a namespace? Also, many JOINs can be replaced by a sub query,
which is essentially nested queries. Maybe you can do something similar.
More detail about what you are trying to accomplish might help.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

So you want to dump all the people who are members of a certain group?

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com


"yawnmoth" <terra1024.RemoveThis@yahoo.com> wrote in message
news:f276579d-860d-4763-894f-f57b4db0c3a6@z72g2000hsb.googlegroups.com...
>I have two base DN's in an LDAP database. One of them contains an
> attribute called 'members' of type DN. I'd like to be able to take
> each of the values for 'members' and do a query with that, too.
>
> With SQL, you'd do this by doing a JOIN. eg.
>
> SELECT p.*
> FROM people p
> JOIN mailing_list ml
> ON ml.person_id = p.person_id
> WHERE ml.mail_id = whatever
>
> Or something like that.
>
> Is there something similar I can do in LDAP?

yawnmoth wrote:

OU=Distribution Lists,DC=subdomain,DC=domain,DC=tld contains a bunch
of mailing lists. There's a member field that, itself, contains
entries like this:

CN=Lastname Firstname,OU=People,DC=subdomain,DC=domain,DC=tld

I could take each of those entries and do a separate query for each of
them, but I'd prefer not to - I'd prefer it if I could do everything
in one step. Kinda like how JOINs do make it so you can do what would
otherwise be a bunch of separate queries in a single query
-------
In the OU "ou=Distribution Lists" are group objects. Each group object has a
member attribute, which is a collection of DN's of members. Given each
member DN, I don't see what query is needed. You can either list all member
DN's, or bind to the corresponding member object with the DN and retrieve
the values of other attributes of the member. If the aim is to retrieve
other attributes of the members, the best method I can think of is to bind.
Any kind of query/search would be slower. In fact, ADSI provides the Members
method of the IADsGroup object, which is a collection of member objects. In
VBScript:
=========
Set objOU = GetObject("LDAP://OU=Distribution
Lists,DC=subdomain,DC=domain,DC=tld")
objOU.Filter = Array("group")
For Each objGroup In objOU
Wscript.Echo "Group: " & objGroup.distinguishedName
For Each objMember In objGroup.Members
Wscript.Echo " " & objMember.distinguishedName & " (" &
objMember.Class & ")"
Next
Next
=======
I added the "Class" of the member, just to show you can document any
attributes of the members you like. Just remember that members can be users,
contacts, groups, or even computers (in general). You could document the
sAMAccountName (pre-Windows 2000 logon name) for example, but contact
objects do not have this attribute.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--