
LDAP filter for blank (empty) attribute


I have searched on this topic, but all I find are filters that return entries where a certain attribute is not present, like:

(!(manager=*))

However, I want to find entries where the attribute is present, but has a null value (i.e. an empty/blank string). Can I do this using an LDAP filter, and if so, how?

EDIT:

Just to confirm, the above filter finds entries without the attribute, but not where the attribute is empty (null string).

Is this dependent on the LDAP implementation or what?


Solution

  • From LDAP, there is not a query method to determine an empty string.

    The best practice would be to scrub your data inputs to LDAP, as an empty or null value in LDAP is no value at all.

    To determine this you would need to query for all with a value (manager=*) and then use code to determine the ones that were a "space" or null value.

    And as Terry said, storing an empty or null value in an attribute of DN syntax is wrong.

    Some LDAP server implementations will not permit entering a DN where the DN entry does not exist.

    Perhaps you could, if your DNs are consistent, use something like:

    (&(!(manager=cn*))(manager=*))
    

    This should return any value of manager where there was a value for manager and it did not start with "cn".

    However, some LDAP implementations will not allow sub-string searches on DN syntax attributes.

    -jim
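
The client-side check the answer describes (search with `(manager=*)`, then inspect the values in code), as an added example that is not part of the original answer. It assumes results shaped like the `(dn, attrs)` pairs with byte-string values that python-ldap's `search_s` returns; the function names, the `cn` prefix heuristic (taken from the answer's second filter) and the sample entries are constructed for illustration.

```python
# Added example: post-filter the results of a presence search for blank values.
# Run the presence filter server-side, then pass the results to find_blank().
PRESENCE_FILTER = "(manager=*)"

def _values(attrs, name):
    """Decoded values of `name`; LDAP attribute names are case-insensitive."""
    for key, raw in attrs.items():
        if key.lower() == name.lower():
            return [v.decode("utf-8", errors="replace") if isinstance(v, bytes) else str(v)
                    for v in raw]
    return []

def classify(value, rdn_prefix="cn"):
    """Label one attribute value: empty, whitespace, not-a-dn, or ok."""
    if value == "":
        return "empty"
    if value.strip() == "":
        return "whitespace"
    # Assumption: consistent DNs start with `rdn_prefix`, as in the answer's
    # (&(!(manager=cn*))(manager=*)) filter. Done here because some servers
    # refuse substring matches on DN-syntax attributes.
    if not value.strip().lower().startswith(rdn_prefix.lower()):
        return "not-a-dn"
    return "ok"

def find_blank(entries, attr="manager", rdn_prefix="cn"):
    """Return [(dn, value, reason)] for every suspect value of `attr`."""
    findings = []
    for dn, attrs in entries:
        for value in _values(attrs, attr):  # multi-valued attributes are checked per value
            reason = classify(value, rdn_prefix)
            if reason != "ok":
                findings.append((dn, value, reason))
    return findings

# Constructed sample results (not from a real directory).
SAMPLE = [
    ("uid=alice,ou=people,dc=example,dc=com", {"manager": [b"cn=Bob,ou=people,dc=example,dc=com"]}),
    ("uid=carol,ou=people,dc=example,dc=com", {"manager": [b""]}),
    ("uid=dave,ou=people,dc=example,dc=com", {"Manager": [b"   "]}),
    ("uid=erin,ou=people,dc=example,dc=com", {"manager": [b"CN=Bob,ou=people,dc=example,dc=com", b"none"]}),
]

if __name__ == "__main__":
    for dn, value, reason in find_blank(SAMPLE):
        print(f"{reason:10} {dn} manager={value!r}")
```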