LDAP SearchFilter syntax

yordi · January 21, 2025, 10:59:19 AM

Hello fellow IT admins,

I have LDAP conneciton with the default LDAP.SearchFilter --> (objectClass=*) .
this has more then 1000 users importing NetXMS.
I already narrow down the LDAP.SearchBase.

I want to change the LDAP.SearchFilter to only include users from the "Department ICT"
I have tried different LDAP.Searchfilter strings, all resulting in 0 users getting pulled..

(&(objectCategory=person)(objectClass=user)(department=<Departement ICT>))
(&(objectCategory=person)(objectClass=*)(department=<Departement ICT>))
(department=<Departement ICT>)

There is little to non documentation/examples ho to implement this.
I have found those strings syntax online.

Ho has a working example ?
using latest version NetXMS Server Version 5.1.3
Thank!

Alex Kirhenshtein · January 21, 2025, 11:11:06 AM

I usually filter by the base group, but you need to use ActiveDirectory(?) extensions to do it recursively, something like this:

Code Select

(&(|(objectClass=user)(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=CN=...))

yordi · January 21, 2025, 01:17:44 PM

Quote from: Alex Kirhenshtein on January 21, 2025, 11:11:06 AMI usually filter by the base group, but you need to use ActiveDirectory(?) extensions to do it recursively, something like this:

Code Select Expand
(&(|(objectClass=user)(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=CN=...))

Hi Thanks,

As a workaround i created a dedicated group in AD and use Your solution ;-).
Is there no documentation with the use of "Department" attribute in AD ?

Alex Kirhenshtein · January 21, 2025, 02:17:45 PM

Code Select

(&(|(objectClass=user)(objectClass=group))(department=Department1))

you can even use wildcards there:

Code Select

(&(|(objectClass=user)(objectClass=group))(department=Department*))

yordi · January 21, 2025, 03:20:28 PM

Quote from: Alex Kirhenshtein on January 21, 2025, 02:17:45 PM
Code Select Expand
(&(|(objectClass=user)(objectClass=group))(department=Department1))
you can even use wildcards there:

Code Select Expand
(&(|(objectClass=user)(objectClass=group))(department=Department*))

I have try it but i get not any users, do you have a example with a space in the string ?
my 2 treys are:

(&(|(objectClass=user)(objectClass=group))(department="Department ICT"))
(&(|(objectClass=user)(objectClass=group))(department=Department ICT))

I have no control over the naming of the department attribute

Alex Kirhenshtein · January 21, 2025, 03:33:51 PM

Second one is correct. See screenshot.

I'd check that search base is wide enough.

yordi · January 21, 2025, 04:15:07 PM

Supper fixed !

Using the AD "custom Search" to evaluate.
Learned something new today !

supper Thanks!

NetXMS Support Forum

News:

LDAP SearchFilter syntax

yordi

Alex Kirhenshtein

yordi

Alex Kirhenshtein

yordi

Alex Kirhenshtein

yordi