LDAP search not finding entries in child OUs


Solution 1

You need to set your search context (i.e., the search base) to where your object/entry is stored. Based on your example, the search context is ou=users,dc=security,dc=corp,dc=com. When you set the search scope to subtree, it should find the entry or entries that match your criteria (i.e., search filter). For example,

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(uid=it-user2)"

Of course, with the 'subtree' search scope, you could even set the search context to a higher level container (e.g., dc=security,dc=corp,dc=com). Your entry would still be found as long as it matches the criteria specified by your filter. Since you're searching for all entries under the ou=users container, your query would probably look like this:

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(uid=*)"

or

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(objectclass=*)"
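
The base/scope/filter split described above, as an added example that is not part of the original answer: a simplified in-memory model of LDAP search scopes, not a real LDAP client. The entries are constructed from the tree in the question, and it is an assumption that every user entry uses a uid= RDN.

```python
# Simplified in-memory model of LDAP search scopes (not a real LDAP client).
# Entries are constructed from the question's tree; uid= RDNs are assumed.
SUFFIX = "ou=users,dc=security,dc=corp,dc=com"
ENTRIES = {  # DN -> attributes
    SUFFIX: {"ou": "users"},
    "ou=corporate," + SUFFIX: {"ou": "corporate"},
    "ou=it,ou=corporate," + SUFFIX: {"ou": "it"},
    "uid=it-user1,ou=it,ou=corporate," + SUFFIX: {"uid": "it-user1"},
    "uid=it-user2,ou=it,ou=corporate," + SUFFIX: {"uid": "it-user2"},
    "uid=user1," + SUFFIX: {"uid": "user1"},
    "uid=user2," + SUFFIX: {"uid": "user2"},
    "uid=user3," + SUFFIX: {"uid": "user3"},
}


def rdns(dn):
    """Split a DN into normalized RDNs (this model ignores escaped commas)."""
    return [p.strip().lower() for p in dn.split(",")]


def in_scope(dn, base, scope):
    """True if dn falls under base for scope 'base', 'one' or 'sub'."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False                      # dn is not at or below the base
    depth = len(d) - len(b)               # number of levels below the base
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]


def search(base, scope, attr, value):
    """Return sorted DNs matching (attr=value); value '*' is a presence test."""
    if not any(rdns(dn) == rdns(base) for dn in ENTRIES):
        raise LookupError("noSuchObject: " + base)   # base DN must exist
    hits = []
    for dn, attrs in ENTRIES.items():
        if in_scope(dn, base, scope) and attr in attrs:
            if value == "*" or attrs[attr].lower() == value.lower():
                hits.append(dn)
    return sorted(hits)


if __name__ == "__main__":
    print(search(SUFFIX, "sub", "uid", "it-user2"))   # found two levels down
    print(search(SUFFIX, "one", "uid", "*"))          # direct children only
    try:
        search("uid=it-user2," + SUFFIX, "sub", "uid", "*")
    except LookupError as err:
        print(err)                                    # the DN is not a filter
```

The last call mirrors the first attempt in the question: the scope only widens the search below a base that exists, so a DN naming an entry at the wrong level fails before any filter is evaluated.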

Solution 2

I fought this for hours - CN=Users LDAP Directory Entry in .Net - not working with OU=Users

This may seem silly and stupid, but the default tree setup in Active Directory is not OU=Users,dc=domain,dc=com but rather CN=Users,dc=domain,dc=com (Note the CN= not the OU= for Users.)

Author by

Catie

Updated on June 30, 2022

Comments

  • Catie
    Catie almost 2 years

    Say you have an LDAP with the following structure:

    dc=corp,dc=com
    |--dc=security
       |--ou=users
          |--ou=corporate
          |  |--ou=it
          |     |--it-user1
          |     |--it-user2
          |--user1
          |--user2
          |--user3
    

    I need a search query that will look at all entries under the users ou, including those under corporate and it.

    Currently I am trying the following:

    uid=it-user2,ou=users,dc=security,dc=corp,dc=com
    

    The scope of the search is set as subtree. I was under the impression that the subtree scope would cause the LDAP to search recursively through the entire tree, but that does not seem to be the case. However, if I add the full path into the search as I have below, the entry is found.

    uid=it-user2,ou=it,ou=corporate,ou=users,dc=security,dc=corp,dc=com
    

    Could someone give me an idea of where I am going wrong? Thanks.