LDAP: Retrieve entries from multiple OUs in one query
try to retrieve entries of objectClass 'groupOfNames' from multiple OUs from LDAP. My scheme looks like this:
ou=gp,ou=gruppen,dc=some,dc=my-company,dc=at
|
|-ou=99 (objectClass=organizaionalUnit)
|-cn=admins (objectClass=groupOfNames)
|-cn=managers (objectClass=groupOfNames)
|-ou=103 (objectClass=organizaionalUnit)
|-cn=admins (objectClass=groupOfNames)
|-cn=managers (objectClass=groupOfNames)
|-many more OUs
...
Now i try to create a query with which i can retrieve the admins/managers of the different OUs with one query. Within the CN the admins and managers groups contain the names of users that belong to theses groups. One filter i came up with was:
(cn=admins)
This Results in giving me back all the CNs of all OUs:
The search scope is set to complete subtree. How can I change this filter to get only the entries from specific OUs, e.g. ou=212917 and ou=211208, but not from the other OUs? The groups i want to extract in the end look like this:
Or is there another possibility to realise this? I'm fairly new to LDAP.
It's possible to use a very specific filter to search for only the groups with cn=admins in specific OUs.
(&(cn=admins)(|(ou:dn:=212917)(ou:dn:=211208)))
The notation means search for ou=212917 in the entry or part of the DN. Not all servers support this though, even it's part of LDAPv3 standard specifications.
- How to check a username/password combination?
- How do I modify a Boolean LDAP Active Directory attribute using Net::LDAP?
- How do I unblock LDAP users in GitLab-CE
- Environment variables not defined in SSH AuthorizedKeysCommand (Docker)
- How can I cause ldap_simple_bind_s to timeout?
- Unknown Error (0x80005000) with LDAPS Connection
- Connect to Active Directory using LdapConnection class on remote server
- How to search for users in Active Directory from ASP.NET Core
- LDAP attribute to encode the language of human users mother tongue?
- How to remove multiple entries by a single ldap request in unboundid?
- ldap_add: No such object (32) when adding the root entry (initial ldif)
- Working with DirectoryServices in ASP.NET Core
- Automate joining Active Directory (AD) using Kerberos keytab?
- LdapCtxFactory because module java.naming does not export com.sun.jndi.ldap to unnamed module
- Springboot LDAP integration
- Can't Get Users' Active Directory Enabled Status in C#
- ldapsearch - truncating the result
- While trying to resolve a cross-store reference, the SID of the target principal could not be resolved. The error code is 1332
- Using LexikJWTAuthenticationBundle with an LDAP Provider
- Mapping Ldap groups to role of the application in tomcat
- LDAP: `ldapadd` Works but `ldapdelete` Does Not
- Why is my Spring LDAP search failing to return a user
- LDAP authentication using Spring security 2.0.3
- Custom UserProvider config symfony 4
- ActiveMQ Artemis JAAS LDAP - logged-in user has no access to anything
- GitLab LDAP Authentication Issues (SSL_connect, user auth)
- active directory filter with objectGUID encoded as specified in rfc2254 doesn't work
- Adding users temporarily to Active Directory groups using PHP
- Rails Devise LDAP - Signed Connection Question
- How to resolve [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1 ]