CA Directory rejects wildcard (substring) searches, which are designed for searching 'strings', when they are performed on 'integer' syntax attributes.
Working as designed
In previous Service Packs of CA Directory r12.0, it was possible to perform substring searches on integer syntax attributes, but a wildcard search of integer values would return an incorrect search result to the application. This is because a substring (wildcard) filter element should not be used to search numeric fields of "integer" syntax.
In r12.0 SP4, a wildcard search of integer values now results in the DSA returning a "Server is unwilling to perform" error to the LDAP client. The example below illustrates this.
An LDAP search of the directory is performed, using a wildcard filter on the integer attribute "dxSizeLimit".
dxsearch -h aaa.bbb.ccc.ddd -p 20389 -b "o=Democorp,c=AU" -s sub "(dxSizeLimit=1*)"
This results in the following error being returned to the LDAP client utility.
# extended LDIF
#
# LDAPv3
# base <o=Democorp,c=AU> with scope subtree
# filter: (dxSizeLimit=1*)
# requesting: ALL
#
# search result
search: 2
result: 53 Server is unwilling to perform
# numResponses: 1
If you trace the DSA with "trace=all;" level debugging, the reason for the failure is listed in the debug trace.
Warning: Cannot have substrings filter with integer syntax
Cannot normalise filter
doLocalResponse
doLocalResponse - sending idu
----------userSendIdu (002/002)--------------------20101119.122632.807
-> #2 LDAP SEARCH-REFUSE
invoke-id = 2
credit = 1
Service Error: Directory unwilling to perform
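A client-side pre-flight check for this rule, as an added example that is not CA code: it scans an RFC 4515 filter string for substring items on attributes the caller lists as integer syntax, so an application can reject the filter before the DSA answers with result 53. The function name and the attribute set are assumptions; only dxSizeLimit comes from this article.

```python
import re

# One leaf item of an RFC 4515 filter: "(" attr[;options] op value ")".
# Literal "(", ")" and "*" inside a value must be escaped (\28, \29, \2a),
# so a leaf never contains a raw parenthesis and a raw "*" is always a wildcard.
LEAF = re.compile(r"\(\s*([A-Za-z0-9][A-Za-z0-9.;-]*)\s*(>=|<=|~=|=)([^()]*)\)")

# Assumption: the caller fills this from its own schema; dxSizeLimit is the
# integer attribute used in the article.
INTEGER_ATTRS = {"dxSizeLimit"}


def integer_substring_items(ldap_filter, integer_attrs=INTEGER_ATTRS):
    """Return the leaf items that apply a substring match to an integer attribute."""
    known = {a.lower() for a in integer_attrs}
    hits = []
    for m in LEAF.finditer(ldap_filter):
        attr, op, value = m.groups()
        base = attr.split(";", 1)[0].lower()  # ignore attribute options
        if base not in known or op != "=":
            continue  # other attribute, or an ordering/approximate match
        if value == "*":
            continue  # (attr=*) is a presence test, not a substring filter
        if "*" in value:
            hits.append(m.group(0))
    return hits


if __name__ == "__main__":
    # Constructed sample filters; the first is the one from the article.
    for f in ("(dxSizeLimit=1*)",
              "(&(objectClass=*)(dxSizeLimit=*5*))",
              "(dxSizeLimit=100)",
              "(dxSizeLimit=*)"):
        bad = integer_substring_items(f)
        print(f, "->", "reject: " + ", ".join(bad) if bad else "ok")
```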