问题
I am trying to search for all users not in a specific OU.
(&(objectCategory=person)(!(ou=Old-users))) is not working, but is essentially what I am looking for. All people NOT in Old-users
I have tried numerous combinations and nothing is working as expected.
回答1:
ou is not part of the entries, but part of the DN (i.e. the path to the entry).
Some servers that are compliant with the LDAPv3 specifications will support filtering within the DN part, using a notation like this: (ou:dn:=old-users).
Active Directory doesn't (and based on the "objectCategory" attribute in the filter, I'm guessing you are using AD).
来源:https://stackoverflow.com/questions/57434811/ldap-search-filter-for-users-not-in-specific-ou