LDAP Sort Order

Novell Cool Solutions: Tip
By Aaron Burgemeister

Posted: 21 Jun 2006


Why does an LDAP search in NDS return objects in reverse order from what SunOne does? How can I fix this so we get the LDAP search output for NDS in the correct order (same order as SunOne)?


LDAP does not require attributes or objects to be returned in any particular order. It is up to the LDAP server to implement ordering, which eDirectory does not. If an LDAP server does return results in a consistent order, that is luck, and the order is likely to change on the next modification of anything in that list of data. The back end probably organizes its data in whatever way makes the server as fast as possible, and sorting is not always fast.

Here's a link that answers questions about OpenLDAP:

Again, attributes and objects are not required to come out in any order. The nature of an LDAP return makes it extraordinarily simple to parse into a structure that does not need sorting.

Take Perl, for example. You can use the full DN of an object 'cn=admin,dc=users,dc=system' to be the object's key in a hash. That key's "value" can then be another hash whose keys are attributes and whose values are scalars or arrays holding the attribute's data. Reading this all in can be done in whatever order the server gives and accessing it is the same ... directly by key. Sorting can - and should - be done on the client side.
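The structure described above, as an added example that is not part of the original tip: it parses a constructed LDIF-style result into a hash keyed by DN, then sorts on the client. The sub name `parse_entries` and the sample entries are assumptions, and LDIF line folding and base64 (`::`) values are not handled.

```perl
use strict;
use warnings;

# Constructed sample: LDIF-style search output in arbitrary server order.
my $ldif = <<'END';
dn: cn=zoe,dc=users,dc=system
cn: zoe
mail: zoe@example.com

dn: cn=admin,dc=users,dc=system
cn: admin
mail: root@example.com
mail: admin@example.com

dn: cn=bob,dc=users,dc=system
cn: bob
END

# Build a hash: DN => { attribute => scalar, or array ref when multi-valued }.
# Hypothetical helper written for this example.
sub parse_entries {
    my ($text) = @_;
    my (%entries, $dn);
    for my $line (split /\n/, $text) {
        if ($line =~ /^\s*$/) { undef $dn; next; }       # blank line ends an entry
        my ($attr, $value) = $line =~ /^([^:]+):\s*(.*)$/ or next;
        if (lc($attr) eq 'dn') { $dn = $value; $entries{$dn} = {}; next; }
        next unless defined $dn;                         # attribute outside an entry
        my $e = $entries{$dn};
        if    (!exists $e->{$attr}) { $e->{$attr} = $value }                 # first value: scalar
        elsif (ref $e->{$attr})     { push @{ $e->{$attr} }, $value }        # already an array
        else                        { $e->{$attr} = [ $e->{$attr}, $value ] } # promote to array
    }
    return \%entries;
}

my $entries = parse_entries($ldif);

# Direct access by key, independent of the order the server used.
my $mail = $entries->{'cn=admin,dc=users,dc=system'}{mail};
print "admin mail: ", join(", ", sort @$mail), "\n";

# Client-side sort by DN, then attribute, then value: stable across servers.
for my $dn (sort { lc($a) cmp lc($b) } keys %$entries) {
    my $e = $entries->{$dn};
    for my $attr (sort keys %$e) {
        my @values = ref $e->{$attr} ? sort @{ $e->{$attr} } : ($e->{$attr});
        print "$dn  $attr: $_\n" for @values;
    }
}
```

Because both entries and multi-valued attributes are sorted after parsing, the output is the same whether the data came from eDirectory or SunOne.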

