LDAP Query to get users based on attributes

StackOverflow https://stackoverflow.com/questions/17212871

  •  01-06-2022
  •  | 
  •  

Question 

DC=abc,DC=COM
  OU=ABC
     OU=Users
        CN=User1
        CN=User2
        CN=User3
     OU=Computers
  OU=ABC1
     OU=Users
        CN=User4
        CN=User5
        CN=User6
     OU=Computers
  OU=ABC2
     OU=Users
        CN=User7
        CN=User8
        CN=User9
     OU=Computers

There is an user attribute called employeeID Two types of value can exist in the employeeID records, one that is pure whole number, and other would start with characters like NE

I would like to extract all Users whose employeeID is a number.

What should be the LDAP query, that can be used to acheive the same

Was it helpful?

Solution

Set the base object to DN from which the search should return entries, set the scope to either SUB or ONE depending on where the base object is in relation to the entries desired, use a filter like '(!(employeeID=NE*))' and a list of attributes to return from each entry. It's also a good practice to provide a size limit and time limit.

An example using ldapsearch:

ldapsearch -h hostname -p port -b dc=abc,dc=com -s sub '(!(employeeID=NE*))' employeeID

which returns the employeeID from each entry below dc=abc,dc=com where the employeeID does not match the filter. Also returns entries that have no employeeID at all, so the filter might need to be more restrictive, for example, '(&(employeeID=*)(!(employeeID=NE*)))'.

see also

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top