ldap-query

I am successfully querying our Active Directory for a user with the following code: $filter = (&(objectCategory=person)(samaccountname=someusername)); $fields = array("samaccountname","mail","manager","department","displayname","objectGUID"); $user = ldap_search($ldapconnection, $baseDn, $filter, $fields); The resulting array gives this value for the manager attribute: CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com This looks like a distinguishedName to me. But when I try to query for the manager's record, $filter = (&(objectCategory=person)(dn='CN=McBossy\, Boss,OU=Users

I add users through LDAP for a certain application, made with spring. While this works for most of the cases, in some cases, it does not work... The retrieve the users I use: public class LdapUserServiceImpl implements ILdapUserService { @Override public List<LdapUserVO> getUserNamesByQuery(String query) { return ldapTemplate.search( query().countLimit(15) .where("objectClass").is("user") .and("sAMAccountName").isPresent() .and(query() .where("sAMAccountName").like("*" + query + "*") .or("sAMAccountName").is(query) .or("displayName").like("*" + query + "*") .or("displayName").is(query)) , new

If I am looking for all Groups , I get too much garbage. If I try to narrow down the base, I get too few. Here is an example: CN=A Team,OU=Groups,OU=Americas,DC=example,DC=com CN=B TEAM,OU=Groups,OU=EMEA,DC=example,DC=com CN=C Team,OU=Legacy Groups,DC=example,DC=com CN=D Team,OU=Groups,OU=Bangalore,OU=APAC,DC=example,DC=com CN=E Team,OU=Common Groups,DC=example,DC=com I am looking for a LDAP filter that returns A B D E (without C) - mainly the logic would be get me all groups that do have last OU=Groups or OU=Common Groups My current search is using: Search base: CN=Users,DC=citrite,DC=net

In my LDAP Client program sometimes I have to include the DN value within the search filter. But this DN is changing frequently and every I have to change this filter in my code. When I googled it for that I got something like this Suppose you want to pull all users of ObjectType = Person from the R&D and HR ous, but not any users from Marketing and PM. The filter would be: (&(objectClass=person)(|(ou:dn:=ResearchAndDevelopment)(ou:dn:=HumanResources))) Can anybody explain this more in detail? You should check RFC 2254 (The String Representation of LDAP Search Filters). LDAP filters use polish

I'm confused! :) I've got a dynamic group in OpenLDAP: dn: cn=DynamicGroup,ou=Group,dc=MyDomain cn: DynamicGroup objectClass: groupOfURLs memberURL: ldap:///ou=People,dc=MyDomain??one?(&(objectClass=User)(isInDynamicGroup=TRUE)) When I search for it, it gets expanded (the dynlist module is set up correctly): $ ldapsearch -H "ldapi:///" -b "dc=MyDomain" -s sub -LLL -d 0 -QY EXTERNAL 'cn= DynamicGroup' dn: cn=DynamicGroup,ou=Group,dc=MyDomain cn: DynamicGroup objectClass: groupOfURLs memberURL: ldap:///ou=People,dc=MyDomain??one?(&(objectClass=User)(isInDynamicGroup=TRUE)) member: cn=User One,ou

How can I use a a search filter to display users of a specific group? I've tried the following: (& (objectCategory=user) (memberOf=MyCustomGroup) ) and this: (& (objectCategory=user) (memberOf=cn=SingleSignOn,ou=Groups,dc=tis,dc=eg,dc=ddd,D‌​C=com) ) but neither display users of a specific group. Kodra memberOf (in AD) is stored as a list of distinguishedNames. Your filter needs to be something like: (&(objectCategory=user)(memberOf=cn=MyCustomGroup,ou=ouOfGroup,dc=subdomain,dc=domain,dc=com)) If you don't yet have the distinguished name, you can search for it with: (&(objectCategory=group)(cn

Background I'm creating some SQL to assist with security auditing; this will take security info from various systems databases and from Active Directory and will produce a list of all anomalies (i.e. cases where accounts are closed in one system but not others. Current Code To get a list of users who are a member of a security group I run the below SQL: if not exists(select 1 from sys.servers where name = 'ADSI') EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject', 'adsdatasource' SELECT sAMAccountName, displayName, givenName, sn, isDeleted --, lastLogonTimestamp --