Active Directory Filter PHP

Question

I am trying to fetch my active directory contacts using PHP, this is the domain: `'OU=Shop,OU=US,OU=test,DC=com,DC=def,DC=intra'.

However, i have 12 countries to search for, so instead of 'US' i need also to search for 'FRA' 'UK',... & i need only the contacts that are in the 'shop' OU, i tried something like this, but it the search filter is wrong : OU=Shop,OU=*,OU=test,DC=com,DC=def,DC=intra.

so how can i make a similar search filter that returns only the shop in every country ?

Answer 1

Like @mvrejin said, you cannot create a search filter that way, i would suggest adding those contacts or shops you are talking about to a certain group (Shops_ for example) and adding the group in the search filter, like so :

$search_filter = '(&(objectCategory=person)(memberOf=cn=Shops_,ou=something,DC=com,DC=def,DC=intra))';

Answer 2

The short answer is that you cannot create a search filter using the DN - that is only the search 'root', i.e. where the search starts downwards.

Think of it in SQL terms as this: searching different DN contexts is like searching contacts in different tables, one for every country. In that case, using SQL you would have to specify every table: select * from US,MX,ES,....

In LDAP you will have to find attributes that the contact objects share. Something along the lines of

(&(objectclass=contact)(description=shop))

or maybe in your case just objectclass=contact will suffice.

If there are no similarities in the attributes that uniquely identify your contacts as a group, then you are out of luck.