r12.0 SP4: Why is the DSA failing to perform a wildcard search for an Integer value?


Article ID: 50697


Updated On:


DIRECTORY SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting



CA Directory will now reject wildcard (designed for searching 'strings') searches from being performed on 'integer' syntax attributes.


In previous Service Packs of CA Directory r12.0, it was possible to perform substring searches on integer syntax attributes. The wildcard search of integer values would return an incorrect search result to the application. This is because you should not use a substring (wildcard) filter element to search numeric fields of "integer" syntax.

In r12.0 SP4, the wildcard searching of integer values will now result in the DSA generating a "Server is unwilling to perform" error to the LDAP client. This is illustrated in the example below.

An LDAP search is performed of the directory, using a wildcard filter to search for the integer attribute "dxSizeLimit".

dxsearch -h aaa.bbb.ccc.ddd -p 20389 -b "o=Democorp,c=AU" -s sub "(dxSizeLimit=1*)"

This results in the following error being returned back to the LDAP client utility.

# extended LDIF
# LDAPv3
# base <o=Democorp,c=AU> with scope subtree
# filter: (dxSizeLimit=1*)
# requesting: ALL
# search result
search: 2
result: 53 Server is unwilling to perform
# numResponses: 1

If you trace the DSA with "trace=all;" level debugging, the reason for the failure is listed in the debug trace.

Warning: Cannot have substrings filter with integer syntax
Cannot normalise filter
doLocalResponse - sending idu
----------userSendIdu (002/002)--------------------20101119.122632.807
        invoke-id = 2   credit = 1
    Service Error:  Directory unwilling to perform


Component: ETRDIR