Al,

That was my thought exactly. In fact I didn't even test before posting here because I wouldn't have assumed it would work like that. I assume that it's the client that only uses the first or last object in the list since LDAP would return all possible values.

Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: "Mulnick, Al" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 15, 2004 9:18 PM
Subject: RE: [ActiveDir] Sequence LDAP query

Scott, exactly how are you testing that? I haven't been looking to see which order an OR is returned in the past, but that is not what I would expect as an answer back from the servers in a working configuration. I would expect that criteria to continue looking for all matches to the filter for each of the records it's looking at. Finding one and stopping is not what I would expect unless that's how the client is implementing it.

Just curious here.

al

-----Original Message-----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 12/15/2004 6:02 PM
Subject: Re: [ActiveDir] Sequence LDAP query

Sorry, I haven't met anyone on this list yet (except Steve Schofield who introduced me to the list). I've looked up your website and it looks like you have a great solution. Too bad I didn't know about it a few months ago when researching which Spam solution to go with.

I've figured it out. In fact it took just a simple test. The simple OR command against an indexed column actually works in order. If I run the following two tests:

(|([EMAIL PROTECTED])([EMAIL PROTECTED]))
(|([EMAIL PROTECTED])([EMAIL PROTECTED]))

The first filter will return the record for scott@ and the 2nd will return the record for nobody@

So, it actually searches in order starting from the end. This is exactly what I was looking for. Originally I assumed that it would just search all the records and the first that met either criteria would be returned so depending on what order it was entered into AD, I would get a different result. I assume for non-indexed fields, that might be the case because it would search them all one by one.
But in the case of an indexed field, it sounds like MS/LDAP jumps right to the index, starting with the end of the query and moving forward. (mail is an indexed attribute)

So, I believe I've overcome the last obstacle and am ready to finish implementing.

Thanks again! I'll start to work with AD a lot in the near future so I might start to hang out in this newsgroup now and may see more of you in the future.

Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 15, 2004 4:47 PM
Subject: RE: [ActiveDir] Sequence LDAP query

Sorry, Scott. But at this point, I will have to take the fifth :) I compete with Barracuda.

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________
From: [EMAIL PROTECTED] on behalf of Scott Forsyth
Sent: Wed 12/15/2004 12:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Sequence LDAP query

Thanks to all of you for your replies. Sure, I'll explain more. I tried to keep it brief the first time so it didn't scare anyone off. :)

I have a Barracuda Spam filter (www.barracudanetworks.com) and use iMail server on the mail end (www.ipswitch.com). I've created a script that places all the iMail users and aliases into AD since the LDAP feature of iMail doesn't work with the number of users that we have.

What I need to be able to do is enable the LDAP feature on the Barracuda to query AD to see if an email address (either alias or POP account) is valid, and if it is valid it will find out the parent POP account and place any spam in the quarantine box for the POP accounts.
The goal is that if there are multiple aliases pointing to a single POP account, there is only 1 quarantine box for all of them. This part I can do.

Now, what I also need to be able to do is handle a catch-all email alias (called a 'nobody' in iMail terms). In iMail, there is an alias called 'nobody' and it's always checked last in the order of operations, but if an alias doesn't exist and a POP account doesn't exist, then iMail will check for the nobody account to determine if it should send to a catch-all account to reject the message.

I need to be able to accomplish the same with the Barracuda. Barracuda support tells me that it isn't possible so my last option to make this happen is to use LDAP to overcome their shortcoming.

The Barracuda has the following fields:
- LDAP username
- LDAP password
- LDAP Filter
- LDAP Search Base

So, really the only field that allows me any control is the LDAP Filter. If I could have a filter like Al suggested like this:

(&(objectClass=user)(objectCategory=Person)(|([EMAIL PROTECTED])(mail=no [EMAIL PROTECTED])))

but be sure that it will only check for the [EMAIL PROTECTED] if it couldn't find [EMAIL PROTECTED] I don't want to use the nobody account if there is a valid user or alias. But, I don't have any programming options. This has to all take place in the LDAP Filter field.

The Sequence, <final> <last> LDAP commands seemed to me like a promising lead but I don't know LDAP except for what I've learned in the last few days.

Thanks again!

Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 15, 2004 12:14 PM
Subject: RE: [ActiveDir] Sequence LDAP query

Apparently, I missed [1] the important disclaimer that says you're limited in your options. What client tool are you referring to?
If you have nothing against vbscript, then here is a functional script that you can use for what you've described. You just need to modify the "DC=blahblah" and the "instr()" part.

Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

''''''''''''''''''''
' Search for Users
''''''''''''''''''''
' We use this to limit our searches to User accounts only
' uncomment all the lines below
On Error Resume Next
objCommand.CommandText = _
    "Select cn,mail,distinguishedName from 'LDAP://DC=myDomain,DC=com'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

' Walk every returned record and print the ones whose mail value matches
Do Until objRecordSet.EOF
    objemailAddy = objRecordSet.Fields("mail").Value
    objDN = objRecordSet.Fields("distinguishedName").Value
    objCN = objRecordSet.Fields("cn").Value
    If instr(lcase(objemailAddy), "[EMAIL PROTECTED]") > 0 Then
        Wscript.Echo objemailAddy & vbTab & objCN & vbTab & objDN
    ElseIf instr(lcase(objemailAddy), "[EMAIL PROTECTED]") > 0 Then
        Wscript.Echo objemailAddy & vbTab & objCN & vbTab & objDN
    End If
    objRecordSet.MoveNext
Loop

' Release the ADO objects
Set objCommand.ActiveConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set objConnection = Nothing

[1] Oh, by the way, Al, you can stop laughing now ;)

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________
From: [EMAIL PROTECTED] on behalf of Deji Akomolafe
Sent: Wed 12/15/2004 8:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Sequence LDAP query

This is just a pseudo-code

.......
objCommand.CommandText = "Select mail from 'LDAP://DC=Domain,DC=com'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objemailAddy = objRecordSet.Fields("mail").Value
    If instr(lcase(objemailAddy), "[EMAIL PROTECTED]") > 0 Then
        Dosomething
    ElseIf instr(lcase(objemailAddy), "[EMAIL PROTECTED]") > 0 Then
        Dosomething
    End If
    objRecordSet.MoveNext
Loop
........

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________
From: [EMAIL PROTECTED] on behalf of Scott Forsyth
Sent: Tue 12/14/2004 10:02 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Sequence LDAP query

Hi all,

I've subscribed to this list for this question so forgive me if this is something recently covered.

I'm trying to do an LDAP query that appears to be uncommon. LDAP is new to me in the last few days so I'm starting from the ground up. Basically I need a filter something like this:

(if [EMAIL PROTECTED] elseif [EMAIL PROTECTED])

In other words, it shouldn't check to see if [EMAIL PROTECTED] unless it has already checked [EMAIL PROTECTED]

I'll explain the same thing a different way. If [EMAIL PROTECTED] exists, it needs to get that object from AD. But, if [EMAIL PROTECTED] doesn't exist, then check again and see if [EMAIL PROTECTED] exists. I hope I explained this well enough.

I'm limited with the client tool to just a search filter field. I don't have any programming options.
I've found a link that gives me hope that it is possible:
http://www.packetizer.com/rfc/rfc.cgi?num=1558

Note the SEQUENCE OF CHOICE, initial, any and final. That sounds like what I'm looking for. I just don't know how to format the filter.

My current filter that works but doesn't do the 2nd part looks like this:

(mail=${recipient_email})

Is this possible with LDAP?

Thanks,

Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/
Powerful Web Hosting Solutions
#1 in Service and Support

---
[This E-mail scanned for viruses by Declude Virus]

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
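
Added example (not part of the thread and not any poster's code): a small Python model of the point Al and Scott settle on in the most recent messages, that an OR filter is a predicate applied to every entry, so the order of its terms cannot express "else if", and a catch-all fallback has to be two queries made by the client. The directory contents, the example.com addresses, the case-insensitive equality match and all function names are assumptions made for the illustration; escape() hex-escapes filter metacharacters (RFC 4515) in the recipient address before it is substituted into the filter.

```python
import re

# Constructed sample directory (not real data); stored order is arbitrary.
DIRECTORY = [
    {"cn": "catch-all", "mail": "nobody@example.com"},
    {"cn": "scott", "mail": "scott@example.com"},
]

def escape(value):
    """Hex-escape the characters * ( ) backslash and NUL before substitution."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse (|...), (&...) or (attr=value); return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i:i + 1] in ("|", "&"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError on an unterminated filter
    attr, _, value = f[i:end].partition("=")
    return ("=", attr, unescape(value)), end + 1

def matches(node, entry):
    if node[0] in "|&":
        results = (matches(kid, entry) for kid in node[1])
        return any(results) if node[0] == "|" else all(results)
    # Assumption: equality on these attributes ignores case.
    return entry.get(node[1], "").lower() == node[2].lower()

def search(filter_text, directory=DIRECTORY):
    """Server side: every entry satisfying the filter, in stored order."""
    node, _ = parse(filter_text)
    return [e["mail"] for e in directory if matches(node, e)]

def lookup_with_fallback(recipient, catch_all, directory=DIRECTORY):
    """Client side: query the recipient first, the catch-all only on a miss."""
    hits = search("(mail=%s)" % escape(recipient), directory)
    return hits or search("(mail=%s)" % escape(catch_all), directory)
```

Swapping the two terms of the OR filter returns the same two entries in the same stored order; which one a single-result client ends up using is decided by the client, not by the filter.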
