Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

LDAP/AD filter - "objectclass not equal to" is not working

Tags:

php

active-directory

ldap

ldap-query

I am working with LDAP Active Directory and trying to list all users. I have this filter which works perfect:

(&(objectclass=user)(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))

Unfortunately, we have also a computer units and other devices present in AD with objectclass "user" so with previous filter I got all users, computers, devices, rooms, etc.

These computer and devices have also an objectclass "computer" so I need to extend the filter with objectclass!="computer" in order to list only real users. So far I'd tried these filters, none of them working (no data returned!):

(&(objectclass=user)(!objectclass=computer)(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))
(&(objectclass=user)(!(objectclass=computer))(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))
(!(objectclass=computer))(&(objectclass=user)(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))
(!objectclass=computer)(&(objectclass=user)(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))

(real users do not have the objectclass "computer").

I am working with PHP ldap implementation so using an ldap_search() method.

The "not equal to" syntax was found e.g. here: http://technet.microsoft.com/en-us/library/aa996205%28EXCHG.65%29.aspx or here: http://msdn.microsoft.com/en-us/library/aa746475%28v=vs.85%29.aspx

Maybe I could try to filter users where (!CN=Computers) in DN, but first I'd like to filter (!objectclass=computer) as it is more logical for me.

What is the correct syntax for objectclass != "computer" expression?

like image 260
shadyyx Avatar asked Mar 10 '11 17:03

shadyyx

1 Answers

Contrary to the first link you provided, (!objectclass=computer) is not a valid filter expression. It should be (!(objectclass=computer)). See RFC 2254:

filter ::= "(" filtercomp ")"

not ::= "!" filter

So your filter should be

(&(!(objectclass=computer))(objectclass=user)(|(memberOf=...)(memberOf=...)...)(|(userprincipalname=...)(displayname=...)))
like image 91
user207421 Avatar answered Nov 01 '22 22:11

user207421
Sign in to Comment

Related questions

How to chain eloquent relations in laravel?
global variables in JS vs local storage vs values in DOM, which one will be more efficient? [closed]
Laravel + Redis Cache via SSL?
Laravel: Get values of checkboxes
Get coupon data from WooCommerce orders
How to resolve the error: SQL authentication method unknown in Laravel-MySql
Search in Json column with Laravel
Laravel 6.4.1 SQLSTATE[HY000] [2002] Connection refused
Dealing with PHP server and MySQL server in different time zones
How to view DOMNodeList object's data in php
Can echo size of SESSION?
How to implement "Maintenance Mode" on already established website
Inserting a row to a table with auto_increment column
How to remove all non-alphanumeric and non-space characters from a string in PHP?
PHP create date object from yyyy-mm-ddThh:mm:ss string
Deliverables for PHP web designer
How to determine if value is a date in PHP
Javascript-like objects in PHP?
hidden field in php
Best practices to test protected methods with PHPUnit (on abstract classes)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!