This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
LDAP_MATCHING_RULE_IN_CHAIN
LDAP_MATCHING_RULE_IN_CHAIN

Version management

Difference between version and

At line 1 added 31 lines
!!! Overview
[{$pagename}] ([1.2.840.113556.1.4.1941]) also known as [LDAP_MATCHING_RULE_TRANSITIVE_EVAL] is an [Extensible Match] used to provide a method to look up the ancestry of an object and is is limited to filters that apply to the [DN].[1]
Many applications using [Microsoft Active Directory] and AD LDS usually work with [hierarchical] [data], which is ordered by parent-child relationships. Not using the [{$pagename}] requires applications to perform transitive group expansion to figure out group membership which:
* used too much network bandwidth
* required applications needed to make multiple roundtrips to figure out if an object fell "in the chain" or a link is traversed through to the end.
[{$pagename}] is a special [Extensible Match] operator that walks the chain of ancestry in objects all the way to the root until it finds a match.
[{$pagename}] will __only__ work when used with [Distinguished Names] ([DN]) type [attributes]. This is an [ExtensibleMatch] operator that walks the chain of ancestry in [LDAP Entries|LDAP Entry] all the way to the root until it finds a match. This reveals group nesting. [{$pagename}] is available only on [Domain Controllers] with [Windows Server 2003 R2] (or above).
!! [{$pagename}] [Microsoft Active Directory] ONLY?
Not all [LDAP Server Implementations] provide complete matching rules. The [OID]'s shown here are [Microsoft Active Directory] specific and will probably not work on other server implementations.
We wish some of the other [LDAP server vendors|LDAP Server Implementations] would add support for this [Extensible Match] Rules.
!! [{$pagename}] [Example]
Query All users that report to a department [manager] or their subordinates.
{{{
(manager:1.2.840.113556.1.4.1941:=CN=Jim,OU=Managed,OU=Accounts,DC=willeke,DC=com)
}}}
As far as we know this could be used with any attribute which has an even numbered [LinkID] which implies it is a ([forward link])
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
[#1] - We obtained some of this information from [http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop