ldapopenldap

Openldap: how to get all entries which contain ou=idmap?


This line return all entries with sambaIdmapEntry

ldapsearch -Q -H ldaps://ldap1.blu.priv -b dc=ldap1,dc=blu,dc=priv -D cn=mailAccountReader,ou=Manager,dc=ldap1,dc=blu,dc=priv -vvv -LLL -w password "(&(objectClass=sambaIdmapEntry))"

I want a query to return all voices which has ou=idmap

I have tried this but don't work

ldapsearch -Q -H ldaps://ldap1.blu.priv -b dc=ldap1,dc=blu,dc=priv -D cn=mailAccountReader,ou=Manager,dc=ldap1,dc=blu,dc=priv -vvv -LLL -w password "(&(objectClass=sambaIdmapEntry(ou=idmap))"

Solution

  • If you want to find all entries under one specific OU, specify that OU as the base:

    ldapsearch -b ou=idmap,dc=ldap1,dc=blu,dc=priv "(objectClass=sambaIdmapEntry)"
    

    If you want to find all entries themselves having the attribute ou: idmap, specify that as the filter:

    -b dc=ldap1,dc=blu,dc=priv "(&(objectClass=sambaIdmapEntry)(ou=idmap))"
    

    If you want to find all entries under all specific OUs anywhere in the directory (or in other words, having ou=idmap anywhere within their DN), use the OpenLDAP-specific :dn: match flag:

    -b dc=ldap1,dc=blu,dc=priv "(&(objectClass=sambaIdmapEntry)(ou:dn:=idmap))"
    

    (:dn: is not really OpenLDAP-specific, but it's an optional feature which most other LDAP implementations don't support; e.g. Active Directory does not.)