Martyn Houghton Posted February 1, 2016

Is there any documentation of the LDAP Import tool 'Filter' configuration syntax or details from the component you are using to access the LDAP directory?

I have had some joy in using the syntax from Microsoft Active Directory documentation https://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx

But I am having an issue with some of the operations, such as excluding certain OU containers when using the Scope=2 setting to recursively scan the sub tree.

At the moment I can get the following to work to scan the sub tree and exclude all disabled accounts:-

    "Scope": 2,
    "DerefAliases": 1,
    "SizeLimit": 0,
    "TimeLimit": 0,
    "TypesOnly": false,
    "Filter": "(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",

But if I add the extra criteria of (!(ou=HR)) the import still accepts the filter as valid but does not filter out the users contained within the HR ou.

Cheers
Martyn

Steve Giller Posted February 4, 2016

Found this:

Suppose you want to pull all users of ObjectType = Person from the R&D and HR ous, but not any users from Marketing and PM. The filter would be:

    (&(objectClass=person)(|(ou:dn:=ResearchAndDevelopment)(ou:dn:=HumanResources)))

The filter above is called an extensible match search because it specifies an attribute name: ou and the DN’s attributes should be considered as part of the entry. If ou:= rather than ou:dn:= had been used, no results would have been returned, because the ResearchAndDevelopment entry does not match the objectClass=person criteria and jbond (which does have an objectClass=person) does not match the ou=ResearchAndDevelopment criteria EXCEPT for the fact that it does have ou=ResearchAndDevelopment as part of that entry's Distinguished Name (dn). Therefore ou:dn:=ResearchAndDevelopment DOES return jbond as one of the users in the search result.

So try

    "Filter": "(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(ou:dn:=HR)))"

and see if that works.

Martyn Houghton Posted February 8, 2016 (Author)

Steve

Unfortunately that did not work either. It seems you can filter by an object's attributes but not its context in the import tool at the moment.

Cheers
Martyn

Steve Giller Posted February 8, 2016

Are the Pre- and Post-Import SQL options still available in the Collaboration Platform? If so you could import the distinguishedName attribute and delete records in the HR OU after the import.

As I'm typing I'm just thinking: Is the comparison limited to two objects? In which case would the (rather convoluted) version of

    "Filter": "(&(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(!(ou:dn:=HR)))"

work?

[edit]I've just googled and it would appear not - but might be worth a try, stranger things have happened![/edit]
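
Added example, not part of the original thread and not the import tool's own code: the "import distinguishedName, then drop the HR OU" approach suggested above, done client side by parsing each DN instead of relying on the filter. It assumes entries arrive as dictionaries with distinguishedName and userAccountControl; the function names and sample entries are constructed for illustration.

```python
ACCOUNTDISABLE = 0x2  # the bit tested by userAccountControl:1.2.840.113556.1.4.803:=2

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas.
    Legacy double-quoted values and multi-valued (+) RDNs are not handled."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def in_ou(dn, ou_name):
    """True if any OU component of the DN equals ou_name exactly (case-insensitive)."""
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "ou" and value.strip().lower() == ou_name.lower():
            return True
    return False

def keep(entry, excluded_ous=("HR",)):
    """Mirror the thread's intent: enabled accounts that are not under an excluded OU."""
    if int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        return False
    return not any(in_ou(entry["distinguishedName"], ou) for ou in excluded_ous)

# Constructed sample entries (not taken from the thread).
SAMPLE = [
    {"sAMAccountName": "asmith", "userAccountControl": "512",
     "distinguishedName": "CN=Smith\\, Alice,OU=HR,OU=Staff,DC=example,DC=com"},
    {"sAMAccountName": "bjones", "userAccountControl": "512",
     "distinguishedName": "CN=Bob Jones,OU=IT,OU=Staff,DC=example,DC=com"},
    {"sAMAccountName": "cdoe", "userAccountControl": "514",
     "distinguishedName": "CN=Carol Doe,OU=IT,OU=Staff,DC=example,DC=com"},
    {"sAMAccountName": "dhr", "userAccountControl": "512",
     "distinguishedName": "CN=Dan,OU=HR Systems,OU=IT,DC=example,DC=com"},
]

def imported_names(entries=SAMPLE):
    return [e["sAMAccountName"] for e in entries if keep(e)]
```

Matching whole OU components rather than searching the DN as a string keeps "OU=HR Systems" and a CN that merely contains the text ",OU=HR" from being excluded by mistake.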

James Ainsworth Posted July 1, 2016

Hi Martyn,

I wasn't sure if you managed to get this working, however for others reading this post I thought I'd include a link to our LDAP User Import Tool Documentation.