LDAP search filter is useful in Apache LDAP authentication and Ironport.
Under Ironport, I use the below filter to search for valid user with his aliase :
(|(uid={u})(cn={u}))
I use the below to search if an user/alias is in a specific posix group :
(&(cn={g})(memberUid={u}))
Under OpenLDAP, to search a user :
ldapsearch -x -b ‘dc=xxx,dc=yyy,dc=edu,dc=hk’ ‘(&(objectClass=*)(uid=test))’
A bit of search filter syntax :
match more than one attribute?
(&(objectClass=person)(objectClass=user))(|(objectClass=person)(objectClass=user))(&(objectClass=user)(cn=*Marketing*))
How do I match 3 attributes?(&(&(objectClass=user)(objectClass=top))(objectClass=person)) Notice how we weave one query into another. For 4 attributes, this would be: &(&(&(objectClass=top)(objectClass=person))(objectClass=organizationalPerson))(objectClass=user))
Leave a Reply