Re: [SOGo] AD/LDAP filter to exclude disabled accounts
Am 04.04.2015 um 17:49 schrieb Christian Vielhauer: Hi, I try to show only active users addresses in my public address book. So I add the following as my filter in SOGoUserSources filter attribute: filter = ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))“; How looks the correct way? I am using Samba 4.1.17 as AD with latest nightly SOGo build. Because there is no status field I have to use UserAccountControl to filter expired and disabled accounts …. http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx With my filter Sogo starts, but shows a lot of empty address book entries and also shows disabled entries, because my filter in not correct of SOGo usage. 2015-04-04 17:41:23.790 sogod[2528] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=73) '(cn='*') AND ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))' Please help me to find the correct filter. Thanks in advance Chris Hi Chris and happy easter again, the correct syntax of your ldap filter inside sogo is: ((cn=*) AND (mail=*) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2)) Take care of the quotation marks at cn and mail. for sogo I use: ((samAccountType=805306368) AND (mail=*) AND (NOT userAccountControl:1.2.840.113556.1.4.803:=2) AND (NOT isCriticalSystemObject=TRUE)) for dovecot (iterate_filter): ((samAccountType=805306368)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(isCriticalSystemObject=TRUE))) ... same filter, different syntax. My filter shoud do: - show all users, like ((objectCategory=person)(objectClass=user)),but also more effective AND - mail address is set AND NOT - user account is disabled AND NOT - isCriticalSystemObject flag set, like account Administrator Ressources: http://support.microsoft.com/en-us/kb/269181 http://www.selfadsi.org/ldap-filter.htm Greetings Sven -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] AD/LDAP filter to exclude disabled accounts
Hello you have to put a line filter in your configuration : in SogoUserSources add a line : in you case it should like the : filter=UserAccountControl 2 and mail=* Regards Le Samedi 4 Avril 2015 17:49 CEST, Christian Vielhauer c.vielha...@me.com a écrit: Hi, I try to show only active users addresses in my public address book.So I add the following as my filter in SOGoUserSources filter attribute: filter = ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))“; How looks the correct way? I am using Samba 4.1.17 as AD with latest nightly SOGo build.Because there is no status field I have to use UserAccountControl to filter expired and disabled accounts …. http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx With my filter Sogo starts, but shows a lot of empty address book entries and also shows disabled entries, because my filter in not correct of SOGo usage. 2015-04-04 17:41:23.790 sogod[2528] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=73) '(cn='*') AND ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))' Please help me to find the correct filter. Thanks in advanceChris -- Alain Abbas 11 rue Robert Schumann 54500 Vandoeuvre Tel : +333 83 18 02 70 skype: alain.abbas -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] AD/LDAP filter to exclude disabled accounts
Happy easter Thanks for your answer Alain it works with combination of your answer and my question ;-) Here is the working filter line, to exclude disabled accounts from address book: filter = UserAccountControl:1.2.840.113556.1.4.803: 2 and mail='*'; Eventually this is helpful for all people to add this filter in the example section of the documentation. Regards Chris Am 05.04.2015 um 09:29 schrieb Alain Abbas alain.ab...@libertech.fr: Hello you have to put a line filter in your configuration : in SogoUserSources add a line : in you case it should like the : filter=UserAccountControl 2 and mail=* Regards Le Samedi 4 Avril 2015 17:49 CEST, Christian Vielhauer c.vielha...@me.com a écrit: Hi, I try to show only active users addresses in my public address book. So I add the following as my filter in SOGoUserSources filter attribute: filter = ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))“; How looks the correct way? I am using Samba 4.1.17 as AD with latest nightly SOGo build. Because there is no status field I have to use UserAccountControl to filter expired and disabled accounts …. http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx With my filter Sogo starts, but shows a lot of empty address book entries and also shows disabled entries, because my filter in not correct of SOGo usage. 2015-04-04 17:41:23.790 sogod[2528] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=73) '(cn='*') AND ((mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))' Please help me to find the correct filter. Thanks in advance Chris -- Alain Abbas 11 rue Robert Schumann 54500 Vandoeuvre Tel : +333 83 18 02 70 skype: alain.abbas -- users@sogo.nu https://inverse.ca/sogo/lists