Tony,
I ran into a smiliar problem not long ago. I was unable to fully determine
whether AD support extensible matching, but tests showed that it didn't.
Thanks
-----Original Message-----
From: Tony Murray [mailto:[EMAIL PROTECTED]]
Sent: 25 May 2002 16:36
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Searching LDAP
Gil,
I don't believe this will work. The search filter includes
"ojbectClass=user" and user objects do not contain an "ou" attribute.
As an alternative, I have tried to make it work using extensible matching
(described in RFC2252), without specifying a matching rule, e.g.
(&(objectClass=user)(:dn:=Contacts))
and
(&(objectClass=user)(ou:dn:=Contacts))
.... but this also failed. I guess that unless there is a DN substrings
matching rule this approach will not work? If this is the case then the
only alternative I can think of is to run an initial search to identify all
the OUs that do not match "ou=Contacts" and then work the results (as
indicated in my other mail).
BTW, I found an excellent overview of LDAP with good examples here:
http://bcook.cs.gasou.edu/cs523/2ravi/firstpage.htm
Tony
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gil Kirkpatrick
Sent: Friday, May 24, 2002 6:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Searching LDAP
Brendan,
You were almost correct... try this (note the additional parens around the
negated expression):
(&(objectClass=user)(objectCategory=person)(sn=*)(!(ou=*Contacts*));samAccou
ntName,name,company,telephoneNumber,AdsPath;subtree
http://www.ietf.org/rfc/rfc2251.txt?number=2251 has the complete description
of LDAP search filter syntax.
Gil Kirkpatrick
Chief Technology Officer, NetPro
Author of "Active Directory Programming" from MacMillan
Got eBook? Get your free Active Directory Troubleshooting eBook at:
http://www.netpro.com/ebook
-----Original Message-----
From: Stephens, Brendan [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 7:22 AM
To: ''[EMAIL PROTECTED]' '
Subject: [ActiveDir] Searching LDAP
If anyone is familiar with LDAP syntax, I could use some help on this one...
Our directory structure is separated into OU's, and I am trying to filter a
specific OU out of the picture...
I can pull the users by using the following syntax for ADO... strSQL =
"<LDAP://"; & Domain
&">;(&(objectClass=user)(objectCategory=person)(sn=*);samAccountName,name,co
mpany,telephoneNumber,AdsPath;subtree"
But how do I filter out an OU? (Contacts)
I have tried:
strSQL = "<LDAP://"; & Domain
&">;(&(objectClass=user)(objectCategory=person)(sn=*)(!ou=*Contacts*);samAcc
ountName,name,company,telephoneNumber,AdsPath;subtree"
and a couple of other variants on this, but to no avail...
Any suggestions or guru's on this matter?
Brendan Stephens
Web Applications Developer
Tech-Advances
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
