NetXMS Support Forum

English Support => General Support => Topic started by: yordi on January 21, 2025, 10:59:19 AM

Title: LDAP SearchFilter syntax
Post by: yordi on January 21, 2025, 10:59:19 AM
Hello fellow IT admins,

I have an LDAP connection with the default LDAP.SearchFilter --> (objectClass=*).
This has more than 1000 users importing into NetXMS.
I have already narrowed down the LDAP.SearchBase.

I want to change the LDAP.SearchFilter to only include users from the "Department ICT".
I have tried different LDAP.SearchFilter strings, all resulting in 0 users getting pulled.

(&(objectCategory=person)(objectClass=user)(department=<Departement ICT>))
(&(objectCategory=person)(objectClass=*)(department=<Departement ICT>))
(department=<Departement ICT>)

There is little to no documentation/examples on how to implement this.
I found those filter strings online.

Who has a working example?
Using the latest version, NetXMS Server Version 5.1.3.
Thanks!
Title: Re: LDAP SearchFilter syntax
Post by: Alex Kirhenshtein on January 21, 2025, 11:11:06 AM
I usually filter by the base group, but you need to use ActiveDirectory(?) extensions to do it recursively, something like this:

(&(|(objectClass=user)(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=CN=...))
Title: Re: LDAP SearchFilter syntax
Post by: yordi on January 21, 2025, 01:17:44 PM
Quote from: Alex Kirhenshtein on January 21, 2025, 11:11:06 AM
I usually filter by the base group, but you need to use ActiveDirectory(?) extensions to do it recursively, something like this:

(&(|(objectClass=user)(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=CN=...))

Hi, thanks,

As a workaround I created a dedicated group in AD and used your solution ;-).
Is there no documentation on the use of the "Department" attribute in AD?
Title: Re: LDAP SearchFilter syntax
Post by: Alex Kirhenshtein on January 21, 2025, 02:17:45 PM
(&(|(objectClass=user)(objectClass=group))(department=Department1))

You can even use wildcards there:

(&(|(objectClass=user)(objectClass=group))(department=Department*))
Title: Re: LDAP SearchFilter syntax
Post by: yordi on January 21, 2025, 03:20:28 PM
Quote from: Alex Kirhenshtein on January 21, 2025, 02:17:45 PM
(&(|(objectClass=user)(objectClass=group))(department=Department1))

You can even use wildcards there:

(&(|(objectClass=user)(objectClass=group))(department=Department*))

I have tried it but I do not get any users. Do you have an example with a space in the string?
My 2 tries are:

(&(|(objectClass=user)(objectClass=group))(department="Department ICT"))
(&(|(objectClass=user)(objectClass=group))(department=Department ICT))

I have no control over the naming of the department attribute.
Title: Re: LDAP SearchFilter syntax
Post by: Alex Kirhenshtein on January 21, 2025, 03:33:51 PM
Second one is correct. See screenshot.

I'd check that search base is wide enough.
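
Added example, not part of the thread and not NetXMS code: a small Python sketch of how an assertion value in the filter shape above is written and matched under RFC 4515, showing why the unquoted form with a space is the right one and which characters do need escaping. The helper names are hypothetical, the "R&D (EU)*" value in the usage is constructed, and the case-insensitive comparison is an assumption about the directory's matching rule for `department`.

```python
import re

# RFC 4515: only these characters must be written as \XX hex escapes inside
# an assertion value. Spaces and double quotes are ordinary literal characters.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value: str) -> str:
    """Escape a literal string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def department_filter(department: str, prefix_match: bool = False) -> str:
    """Build the filter shape used in this thread for one department value.

    With prefix_match=True an unescaped '*' is appended, giving a substring
    filter such as (department=Department*).
    """
    value = escape_value(department) + ("*" if prefix_match else "")
    return f"(&(|(objectClass=user)(objectClass=group))(department={value}))"


def value_matches(assertion: str, actual: str) -> bool:
    """Evaluate one assertion value against an attribute value.

    An unescaped '*' is a wildcard; every other character, including spaces
    and quotes, must be present in the attribute value. The comparison is
    case-insensitive (assumption: the attribute uses a caseIgnore rule).
    """
    def unescape(part: str) -> str:
        return re.sub(r"\\([0-9a-fA-F]{2})",
                      lambda m: chr(int(m.group(1), 16)), part)

    # Escaped asterisks are written \2a, so splitting on '*' is safe here.
    pattern = ".*".join(re.escape(unescape(p)) for p in assertion.split("*"))
    return re.fullmatch(pattern, actual, re.IGNORECASE | re.DOTALL) is not None


if __name__ == "__main__":
    stored = "Department ICT"  # attribute value as stored on the user object
    for candidate in ('Department ICT', '"Department ICT"', 'Department*'):
        print(f"(department={candidate}) ->", value_matches(candidate, stored))
    print(department_filter("R&D (EU)*"))  # constructed value needing escapes
```

Quoting the value makes the quote characters part of what must match, which is why the quoted attempt returns nothing even when the search base is correct.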
Title: Re: LDAP SearchFilter syntax
Post by: yordi on January 21, 2025, 04:15:07 PM
Super, fixed!

Using the AD "custom Search" to evaluate.
Learned something new today!

Super, thanks!