I would like to filter for all LDAP objects where the CN does not equal the sAMAccountName. Therefore I wrote the following query, which unfortunately neither works nor seems to be RFC compliant:
(!(cn=sAMAccountName))
Does anybody know how to achieve the desired functionality?
Best regards Thomas
An LDAP compare operation may be used to determine whether a specified entry has a particular attribute value. The elements contained in a compare request include: The DN of the entry for which the determination is to be made.
LDAP filters do not allow using the value of another attribute for filter comparison. You have to fetch the entry and compare both values. (answered Feb 26 '16 at 0:04)
Attribute Syntaxes. An attribute syntax is the LDAP equivalent of a data type. Every attribute type is associated (either explicitly or implicitly) with an attribute syntax, and all values for attributes of that type must abide by the constraints of that syntax.
ldap_compare() can NOT be used to compare BINARY values!
(!(cn=sAMAccountName)) is "RFC compliant", because the right-hand side of the assertion is taken to be a value of the cn attribute.
Using this filter will result in all entries being returned in a search response where value of the cn attribute is present, and the matching rule for cn returns false for the case-insensitive value samaccountname (assuming the cn attribute matching rule has not been changed from the published standard). The results will be subject to:
Perhaps you meant to use cn=value-of-samaccount-name
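The two answers above, as an added example that is not part of the original thread: one function shows which entries the literal filter (!(cn=sAMAccountName)) selects, the other does the fetch-and-compare the first answer recommends. The entries are constructed sample data, the search filter named in the comment is only one way to fetch them, and the normalization is an approximation of the case-insensitive cn matching rule.

```python
# Added example: compare two attributes of the same entry on the client side.
# ENTRIES is constructed sample data standing in for the result of a search such
# as (&(cn=*)(sAMAccountName=*)) that requested the cn and sAMAccountName attributes.
ENTRIES = [
    {"dn": "CN=jdoe,OU=Staff,DC=example,DC=com",
     "cn": ["jdoe"], "sAMAccountName": ["JDoe"]},
    {"dn": "CN=Jane Roe,OU=Staff,DC=example,DC=com",
     "cn": ["Jane Roe"], "sAMAccountName": ["jroe"]},
    {"dn": "CN=sAMAccountName,OU=Test,DC=example,DC=com",
     "cn": ["sAMAccountName"], "sAMAccountName": ["odd"]},
    {"dn": "OU=Staff,DC=example,DC=com", "ou": ["Staff"]},  # no cn at all
]


def norm(value):
    """Approximate case-insensitive matching: fold case, collapse spaces."""
    return " ".join(value.casefold().split())


def values(entry, attr):
    """Normalized values of attr (attribute names are case-insensitive)."""
    for name, vals in entry.items():
        if name.casefold() == attr.casefold():
            return {norm(v) for v in vals}
    return set()


def literal_filter_matches(entry):
    """What (!(cn=sAMAccountName)) selects: cn is present and no cn value
    equals the literal string "sAMAccountName". Entries without cn do not match."""
    cn = values(entry, "cn")
    return bool(cn) and norm("sAMAccountName") not in cn


def cn_differs_from_sam(entry):
    """The comparison the question asks for, done after fetching the entry."""
    cn, sam = values(entry, "cn"), values(entry, "sAMAccountName")
    return bool(cn) and bool(sam) and cn.isdisjoint(sam)


def mismatched_dns(entries):
    """DNs of entries whose cn does not equal their sAMAccountName."""
    return [e["dn"] for e in entries if cn_differs_from_sam(e)]


if __name__ == "__main__":
    for e in ENTRIES:
        print(e["dn"], literal_filter_matches(e), cn_differs_from_sam(e))
```

The literal filter returns the jdoe entry even though its cn and sAMAccountName are equal, and skips the one entry whose cn really is the string "sAMAccountName"; only the client-side comparison answers the original question.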