How to compose an LDAP filter by DistinguishedName?

M

MODifikaTOR2022-03-23 15:04:24

PHP

MODifikaTOR, 2022-03-23 15:04:24

I've been scratching my head for the second day and can't find the information I need. I need to exclude several nested OUs in a request to the domain and get the rest of the OUs along with users. I read about LDAP filtering and made my own. The "users only" filter works:

$filter = "(&(objectCategory=person)(objectclass=user))";
$dn = "dc={$adServerShort},dc=local";
$result = ldap_search($ldap, $dn, $filter);
$info = ldap_get_entries($ldap, $result);
foreach($info[0] as $item) {
    echo "<pre>";
    print_r($item);
    echo "</pre>";
}

And if I add a filter by dn to it, then the filter breaks:

$filter = "(&(objectCategory=person)(objectclass=user)(dn=&(!(*OU=OFF_User*))(!(*OU=Service*))))";

In this case, when I display information about the user, the `dn` property is displayed. How can I make the filter so that I can exclude multiple OUs from the query?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

MODifikaTOR, 2022-03-24
@MODifikaTOR18

Compiled an algorithm that receives a complete list of accounts in the domain and then forms a filtered list from it without accounts in the specified OUs