Related to regexp query

MKU · November 11, 2019, 8:45am

Hi,
I am framing a query on attribute named distinguished name(dn)
Example: "dn" : "cn=abc,ou=def,o=ig".
i am looking for query where dn ends with o=ig and has only one child for example "dn": "cn=abc,o=ig"
"dn": "cn=hgg,o=ig"
"dn": "ou=abc,o=ig" and etc.

i tried this below query, can anyone figure out whats wrong in there.


{"track_total_hits":true,

	"_source": ["telephoneNumber", "mail", "ou", "givenName", "dn", "sn", "title", "modifyTimeStamp", "loginDisabled", "objectClass","cn"],
	
	"query":{
	"regexp":{
		"dn":{
			"value":"^[a-zA-Z0-9],o=ig$"
		}
	}
}
	
}

the mapping for dn,

 "dn": {
                "type": "text",
                "analyzer": "not_standard",
                 "fields": {
                    "keyword": {
                        "type": "keyword"
                    }
                }
            }

and analyzer

  "not_standard": {
                    "filter": [
                        "lowercase",
                        "my_ascii_folding"
                    ],
                    "type": "custom",
                    "tokenizer": "standard"
                }

-Thanks
Mohan

MKU · November 12, 2019, 9:13am

Does regular expression query work with keyword type as well, because i should be using dn.keyword and it doesn't seem to work.

abdon · November 12, 2019, 9:59am

Yes, you should be using dn.keyword. The reason it doesn't work is because your regular expression is incorrect. Elasticsearch/Lucene uses a slightly different syntax from what you may be used to. Check the documentation.

What's incorrect:

the anchors ^ and $ are not supported. The regular expression must match the entire string.
You forgot the + after the [a-zA-Z0-9] to match multiple characters
You forgot some characters in the expression as there could also be a = or , in there

Try this:

"[a-zA-Z0-9=,]+,o=ig"

MKU · November 12, 2019, 10:49am

Hi @abdon,

here is one of the "dn" : "cn=A-REPAIR,o=ig" .

i also tried this ,

"[a-zA-Z0-9=,-]+,o=ig"

and this,

"[a-zA-Z0-9-]+=[a-zA-Z0-9-]+,o=ig"

but no result.

Basically i am trying to simulate "scope" = one flag in ldapsearch.
so for example say base is o=ig and scope = one that means only its immediate child will be returned.

thats why i am trying this , "dn" : "cn=A-REPAIR,o=ig"
where o=ig is base and if scope is one only its immediate child will be returned.
that means in this case dn will have only one comma and end with o=ig

abdon · November 12, 2019, 11:20am

Both regular expressions work fine for me, with the exception that the - needs to be escaped as it is a special character. Please check the documentation for the regular expression syntax

PUT my_index/_doc/1
{
  "dn": "cn=A-REPAIR,o=ig"
}

GET my_index/_search
{
  "query": {
    "regexp": {
      "dn.keyword": {
        "value": "[a-zA-Z0-9=,\\-]+,o=ig"
      }
    }
  }
}

GET my_index/_search
{
  "query": {
    "regexp": {
      "dn.keyword": {
        "value": "[a-zA-Z0-9\\-]+=[a-zA-Z0-9\\-]+,o=ig" 
      }
    }
  }
}

MKU · November 12, 2019, 1:05pm

You are right, regex was correct and it's working fine.
I had some typo in mapping and I corrected it

system · December 10, 2019, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.