Reputation: 148
Struggling with LDAP query base DN vs filter
I'm trying to pull out a list of users from Active Directory with LDAP. I want to get all users from multiple OUs and I'm struggling to get results.
In an attempt to simplify things, I tried setting a single OU as the base DN and just filtering to get user objects :
ldapsearch -b "OU=Company Users,OU=Users,OU=UK,OU=Helpdesk,DC=ad,DC=company,DC=com" '(objectClass=user)'
This successfully returns lots of users. However, if I move some of the elements from the base DN to the filter, I get no results at all..
ldapsearch -b "DC=ad,DC=company,DC=com" '(&(objectClass=user)(OU=Company Users)(OU=Users)(OU=UK)(OU=Helpdesk))'
Aren't these two queries essentially the same?
Am I being daft? (no doubt, there)
Upvotes: 0
Views: 1174
Answers (1)
Reputation: 11026
They are not the same.
From ywhat you related, you want:
ldapsearch -b "OU=Company Users,OU=Users,OU=UK,OU=Helpdesk,DC=ad,DC=company,DC=com" '(objectClass=user)'
The baseDN
OU=Company OU=Users,OU=Users,OU=UK,OU=Helpdesk,DC=ad,DC=company,DC=com
represents a branch in the "tree" structure.
The
(OU=Company Users)(OU=Users)(OU=UK)(OU=Helpdesk)
Represents attributes on the user entries and I doubt that anyone populated the attributes.
It is unfortunate that Microsoft Active Directory does not support the "normal" "ExtensibleMatch" filters.
Let me know how I can help.
Upvotes: 1
Related Questions
- What are CN, OU, DC in an LDAP search?
- LDAP Connection to AD and search on all User in all OUs
- LDAP: Retrieve entries from multiple OUs in one query
- How to use a filter to avoid a sub OU in Active Directory?
- Ldap search by email value can't find records
- Rocketchat LDAP configuration for Jumpcloud
- What are the differences between LDAP and Active Directory?
- Applying filter to Ldap search also sorts the results
- LDAP query for all users in sub OUs within a particular OU