Reputation: 4139
AD search filter syntax for "all users in a specified OU DN path"
What is the search filter syntax for "all users under the given OU DN"? Looking at the docs here (https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx) did not seem to answer this question (though am totally new to AD, so may be here in another wording).
Use case is that I have an AD path "OU=Users,OU=HortonworksUsers,DC=ucera,DC=local" under which there are several person entries (ie. thier attribute objectClass OID is "top;person;organizationalPerson;user"). I would like to add them to a search filter (for Apache Ranger AD usersync), but have only seen examples of filtering for a specified group, ie. "memberOf=".
Can anyone with more AD experience let me know the right way to filter for users under some arbitrary OU DN?
Upvotes: 1
Views: 7785
Answers (1)
Reputation: 16035
To grab all users under the given OU, you need to set the following search parameters :
- base dn :
OU=Users,OU=HortonworksUsers,DC=ucera,DC=local - scope :
subtreeorsub(which is the default for most ldap client) - filter :
(|(objectClass=person)(objectClass=user))
Translated into ldapsearch options, you got something like :
ldapsearch -H ldap://<host>:<port> -D <bind_dn> -W -b OU=Users,OU=HortonworksUsers,DC=ucera,DC=local -s sub (|(objectClass=person)(objectClass=user))
Upvotes: 3
Related Questions
- LDAP root query syntax to search more than one specific OU
- ldapsearch - filtering ou in dn
- LDAP Search Filter Syntax (ONLY) to Identify Objects in a Specific OU (AD)
- Search Users in Specific OU Active Directory
- Get all AD users except those that are in specific OU LDAPFilter
- Active Directory search filter example
- LDAP Filter - Find all users of specific OU
- LDAP filter - List all the users in a specific OU
- How do I make a LDAP search on OU on Microsoft Active Directory?
- Search when NOT in OU