我将 JNDI 与 LDAP 和 Active Directory 结合使用。
根据filter page ,有一个符号 ~=
具有以下描述:
~= approximate equality (according to the matching rule of the attribute)
这是什么意思?
我在想输入和 Active Directory 属性值之间存在类似 Levenshtein 的距离,并且该距离必须小于阈值,但它似乎无法以这种方式工作。
我尝试了以下示例:
NamingEnumeration<SearchResult> answer = ctx.search(
"dc=x,dc=y,dc=z", // name
"(cn~=John Smith)", // filter
searchCtls // controls
);
返回与
完全相同的条目NamingEnumeration<SearchResult> answer = ctx.search(
"dc=x,dc=y,dc=z", // name
"(cn=John Smith)", // filter
searchCtls // controls
);
这很好,但如果我使用它,它不会返回任何内容:
"(cn~=jJohn Smith)", // filter
或
"(cn~=ohn Smith)", // filter
或
"(cn~=Gohn Smith)", // filter
或
"(cn~=JohnSmith)", // filter
当我选择一个整数而不是那个字符串时,结果是相似的(例如:abc~=123
而不是 cn~=John Smith
)。
所以,我看不出 =
和 ~=
之间的区别。
编辑:
我发现了差异,但这不是预期的差异。
这不会返回任何东西:
"(cn~=J*n Smith)", // filter
虽然这会返回 John Smith
条目:
"(cn=J*n Smith)", // filter
最佳答案
尽管 RFC 4511 中提到了 approxMatch,但没有定义如何实现或使用它的规范。因此,approxMatch 的工作原理留给 LDAP 服务器实现。
恕我直言,它“打算”用作“听起来像”的算法。
An approximate match filter may be used to determine whether an entry contains at least one value for a specified attribute that is approximately equal to a given value. The LDAP specifications do not define what exactly "approximately equal to" means, so that is left up to individual server implementations to determine. Many servers use a "sounds like" mechanism with an algorithm based on Soundex or one of the Metaphone variants.
The string representation of an approximate match filter is constructed as follows:
- An open parenthesis
- The attribute description (potentially including attribute options)
- A tilde character
- An equal sign
- The value to compare (aka the assertion value)
- A close parenthesis
For example, it might be reasonable to expect a filter of "(givenName~=John)" to match entries with givenName values of either John or Jon.
Although it seems like a significant oversight or omission, the LDAP specifications do not make any provision for approximate matching rules. A number of directory servers provide this capability anyway so that it may be possible to configure the approximate match behavior on a per-attribute basis, but the inconsistency of approximate matching capabilities between server implementations makes approximate matching something that is often avoided in LDAP-enabled applications.
关于java - LDAP 过滤器中的近似相等性是什么?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33824452/