问题
DC=abc,DC=COM
OU=ABC
OU=Users
CN=User1
CN=User2
CN=User3
OU=Computers
OU=ABC1
OU=Users
CN=User4
CN=User5
CN=User6
OU=Computers
OU=ABC2
OU=Users
CN=User7
CN=User8
CN=User9
OU=Computers
There is an user attribute called employeeID Two types of value can exist in the employeeID records, one that is pure whole number, and other would start with characters like NE
I would like to extract all Users whose employeeID is a number.
What should be the LDAP query, that can be used to acheive the same
回答1:
Set the base object to DN from which the search should return entries, set the scope to either SUB or ONE depending on where the base object is in relation to the entries desired, use a filter like '(!(employeeID=NE*))' and a list of attributes to return from each entry. It's also a good practice to provide a size limit and time limit.
An example using ldapsearch:
ldapsearch -h hostname -p port -b dc=abc,dc=com -s sub '(!(employeeID=NE*))' employeeID
which returns the employeeID from each entry below dc=abc,dc=com where the employeeID does not match the filter. Also returns entries that have no employeeID at all, so the filter might need to be more restrictive, for example, '(&(employeeID=*)(!(employeeID=NE*)))'.
see also
- Mastering searches
来源:https://stackoverflow.com/questions/17212871/ldap-query-to-get-users-based-on-attributes