[Samba] LDAP Queries

Marc Muehlfeld samba at marc-muehlfeld.de
Mon Mar 10 13:52:32 MDT 2014


Hello Damien,

On 10.03.2014 13:20, Damien Dye wrote:
> with samba4 I get
>
> C:\Users\Administrator>dsquery * --filter
> (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>
> I get the error message as below
> (objectClass was unexpected at this time.
>
> it seems that filtering doesn't work; anybody else got any experience with
> this?


If I use your filter on Linux with ldapsearch, it works:


# ldapsearch -D "cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" \
    -W -b "dc=SAMDOM,dc=example,dc=com" -h localhost \
    '(&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=SAMDOM,dc=example,dc=com> with scope subtree
# filter: (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# requesting: ALL
#

# demo1, Users, samdom.example.com
dn: CN=demo1,CN=Users,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sn: User1
givenName: Demo
instanceType: 4
whenCreated: 20130602192954.0Z
displayName: Demo User1
uSNCreated: 3915
objectGUID:: lcTONgoYXkOSxSX3B9gJIw==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAmkncum+K8CSiQJHXXQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: demo1
sAMAccountType: 805306368
userPrincipalName: demo1@samdom.example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
pwdLastSet: 130146749940000000
cn: demo1
name: demo1
msSFU30Name: demo1
unixUserPassword: ABCD!efgh12345$67890
uid: demo1
homeDrive: H:
homeDirectory: \\DC1\home\demo1
profilePath: \\DC1\Profiles\demo1
memberOf: CN=testGroup,CN=Users,DC=samdom,DC=example,DC=com
msSFU30NisDomain: samdom
uidNumber: 10007
loginShell: /bin/sh
unixHomeDirectory: /home/demo1
gidNumber: 10002
msDS-SupportedEncryptionTypes: 0
mail: demo@samdom.example.com
userAccountControl: 66048
whenChanged: 20140310194512.0Z
uSNChanged: 4049
distinguishedName: CN=demo1,CN=Users,DC=samdom,DC=example,DC=com

# search reference
ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com

# search reference
ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com

# search reference
ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3




What happens if you run this command on Linux on your site? Does it only 
fail from Windows?

I have never run an LDAP query from Windows. What host does dsquery.exe use
by default?


Regards,
Marc



PS: It is easier if you add a note in future posts about what a filter like
"userAccountControl:1.2.840.113556.1.4.803:=2" does, if someone wants to
try to reproduce it ;-)
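
What the filter in this thread selects, as an added example that is not part of the original message: a small evaluator for the filter's operators, including the bitwise-AND matching rule 1.2.840.113556.1.4.803 (mask 2 is the ACCOUNTDISABLE bit of userAccountControl), run against a constructed entry modelled on demo1. The names decode_uac, leaf, node, matches and DEMO1 are hypothetical, and the objectCategory handling is a simplification.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD/Samba matching rule: ALL bits of the mask are set
BIT_OR = "1.2.840.113556.1.4.804"   # AD/Samba matching rule: ANY bit of the mask is set
UAC_FLAGS = {0x2: "ACCOUNTDISABLE", 0x200: "NORMAL_ACCOUNT",
             0x10000: "DONT_EXPIRE_PASSWORD"}  # subset of userAccountControl bits

def decode_uac(value):
    """Names of the known userAccountControl flags set in value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def leaf(entry, item):
    """Evaluate one item: presence (a=*), equality (a=v) or a:OID:=mask."""
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", item)
    if not m:
        raise ValueError("unsupported filter item: " + item)
    attr, oid, want = m.group(1).lower(), m.group(2), m.group(3)
    values = entry.get(attr, [])
    if oid in (BIT_AND, BIT_OR):
        mask = int(want)
        hits = [int(v) & mask for v in values]
        return any(h == mask if oid == BIT_AND else h != 0 for h in hits)
    if oid:
        raise ValueError("unsupported matching rule: " + oid)
    if attr == "objectcategory" and "=" not in want:  # simplification: class name vs first RDN
        values = [v.split(",")[0].split("=", 1)[-1] for v in values]
    return bool(values) if want == "*" else want.lower() in (v.lower() for v in values)

def node(entry, s, i=0):
    """Recursively evaluate the filter starting at s[i]; return (result, next index)."""
    if s[i + 1] not in "&|!":
        end = s.index(")", i)
        return leaf(entry, s[i + 1:end]), end + 1
    op, i, results = s[i + 1], i + 2, []
    while s[i] == "(":
        r, i = node(entry, s, i)
        results.append(r)
    combined = {"&": all(results), "|": any(results), "!": not results[0]}[op]
    return combined, i + 1  # step over the closing ")"

def matches(entry, flt):
    return node(entry, flt)[0]

FILTER = ("(&(objectCategory=person)(objectClass=user)(mail=*)"
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
# Constructed sample entry: only the attributes of demo1 that the filter tests.
DEMO1 = {"objectcategory": ["CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com"],
         "objectclass": ["top", "person", "organizationalPerson", "user"],
         "mail": ["demo@samdom.example.com"], "useraccountcontrol": ["66048"]}
```

demo1's value 66048 decodes to NORMAL_ACCOUNT plus DONT_EXPIRE_PASSWORD, so the negated bit test passes and the entry is returned; the same entry with 66050 (bit 2 set) is filtered out.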


