LDAP Filter - Find all users of specific OU

Question

I am having trouble with an LDAP Search Filter. What I am needing to retrieve is all the users of a specific LDAP group that is OU=Staff,OU=Users,OU=Accounts,DC=test,DC=local

My search is:

(&(objectCategory=user)(OU=Staff,OU=Users,OU=Accounts,DC=test,DC=local))

Currently it is returning no results. What am I missing?

Answer 1

You must do two things

1. Set the base of the search OU=Staff,OU=Users,OU=Accounts,DC=test,DC=local
2. Search for the objects with the objectClass.

Using PHP, the search would look like this (based on this PHP sample):

<?php
//You must bind, first
// using ldap bind
$ldaprdn  = 'yourdomain\nic_hubbard';     // ldap rdn or dn
$ldappass = 'password';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("yourad.test.local")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    $dn = "OU=Staff,OU=Users,OU=Accounts,DC=test,DC=local";
    $filter="(objectClass=user)";
    $justthese = array("cn", "sn", "givenname", "mail");

    $sr=ldap_search($ldapconn, $dn, $filter, $justthese);

    $info = ldap_get_entries($ldapconn, $sr);

    echo $info["count"]." entries returned\n";
}

?>

You can test on the command line with this (exact options varies, this works with recent openldap's client tools) :

ldapsearch -H ldap://yourad.test.local -x -D "yourdomain\nic_hubbard" -W -b "OU=Staff,OU=Users,OU=Accounts,DC=test,DC=local" -s sub "(objectClass=user)"