[Samba] LDAP Queries

Rowland Penny rowlandpenny at googlemail.com
Mon Mar 10 15:34:13 MDT 2014


On 10/03/14 19:52, Marc Muehlfeld wrote:
> Hello Damien,
>
> Am 10.03.2014 13:20, schrieb Damien Dye:
>> with samba4 I get
>>
>> C:\Users\Administrator>dsquery * --filter (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>>
>>
>> I get the error message as below
>> (objectClass was unexpected at this time.
>>
>> it seems that filtering doesn't work anybody else got any experience with
>> this ?
>
>
> If I use your filter on Linux with ldapsearch, it works:
>
>
> # ldapsearch -D "cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" -W -b "dc=SAMDOM,dc=example,dc=com" -h localhost '(&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
>
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=SAMDOM,dc=example,dc=com> with scope subtree
> # filter: (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
> # requesting: ALL
> #
>
> # demo1, Users, samdom.example.com
> dn: CN=demo1,CN=Users,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> sn: User1
> givenName: Demo
> instanceType: 4
> whenCreated: 20130602192954.0Z
> displayName: Demo User1
> uSNCreated: 3915
> objectGUID:: lcTONgoYXkOSxSX3B9gJIw==
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> primaryGroupID: 513
> objectSid:: AQUAAAAAAAUVAAAAmkncum+K8CSiQJHXXQQAAA==
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: demo1
> sAMAccountType: 805306368
> userPrincipalName: demo1 at samdom.example.com
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> pwdLastSet: 130146749940000000
> cn: demo1
> name: demo1
> msSFU30Name: demo1
> unixUserPassword: ABCD!efgh12345$67890
> uid: demo1
> homeDrive: H:
> homeDirectory: \\DC1\home\demo1
> profilePath: \\DC1\Profiles\demo1
> memberOf: CN=testGroup,CN=Users,DC=samdom,DC=example,DC=com
> msSFU30NisDomain: samdom
> uidNumber: 10007
> loginShell: /bin/sh
> unixHomeDirectory: /home/demo1
> gidNumber: 10002
> msDS-SupportedEncryptionTypes: 0
> mail: demo at samdom.example.com
> userAccountControl: 66048
> whenChanged: 20140310194512.0Z
> uSNChanged: 4049
> distinguishedName: CN=demo1,CN=Users,DC=samdom,DC=example,DC=com
>
> # search reference
> ref: ldap://samdom.example.com/CN=Configuration,DC=samdom,DC=example,DC=com
>
> # search reference
> ref: ldap://samdom.example.com/DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> # search reference
> ref: ldap://samdom.example.com/DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 5
> # numEntries: 1
> # numReferences: 3
>
>
>
>
> What happens if you run this command on Linux on your site? Does it 
> only fail from Windows?
>
> I have never run an LDAP query from Windows. What host does dsquery.exe 
> use by default?
>
>
> Regards,
> Marc
>
>
>
> PS: It is easier if you add a note in future posts about what a filter 
> like "userAccountControl:1.2.840.113556.1.4.803:=2" does, if someone 
> wants to try to reproduce it ;-)
>
Hi Marc, (!(userAccountControl:1.2.840.113556.1.4.803:=2)) means account 
is NOT disabled.

Rowland
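
The bitwise clause discussed in this thread, evaluated offline as an added example that is not part of the original messages: it applies the 1.2.840.113556.1.4.803 (bitwise AND) rule and its sibling 1.2.840.113556.1.4.804 (bitwise OR) to userAccountControl values. The helper names are hypothetical, 66048 is demo1's value from the output above, 514 is a constructed disabled account, and attribute names are matched exactly for simplicity.

```python
import re

# Active Directory extensible-match rule OIDs for bitwise comparison.
BIT_AND = "1.2.840.113556.1.4.803"  # true when every bit of the mask is set
BIT_OR = "1.2.840.113556.1.4.804"   # true when at least one bit of the mask is set

# A few documented userAccountControl flag bits.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0010: "LOCKOUT", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD"}

CLAUSE = re.compile(r"^\((?P<attr>[\w-]+):(?P<oid>[\d.]+):=(?P<mask>\d+)\)$")


def parse_clause(clause):
    """Split '(attr:oid:=n)' or '(!(attr:oid:=n))' into (negated, attr, oid, n)."""
    negated = clause.startswith("(!(") and clause.endswith("))")
    m = CLAUSE.match(clause[2:-1] if negated else clause)
    if m is None:
        raise ValueError(f"not a bitwise extensible-match clause: {clause!r}")
    return negated, m["attr"], m["oid"], int(m["mask"])


def clause_matches(clause, entry):
    """Evaluate one bitwise clause against an entry given as {attribute: value}."""
    negated, attr, oid, mask = parse_clause(clause)
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError(f"unsupported matching rule: {oid}")
    if attr not in entry:
        inner = False  # nothing to compare, so the inner test does not match
    else:
        stored = int(entry[attr])
        inner = (stored & mask) == mask if oid == BIT_AND else (stored & mask) != 0
    return inner != negated  # the (!...) wrapper flips the inner result


def decode_uac(value):
    """Name the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if int(value) & bit]


if __name__ == "__main__":
    not_disabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
    # 66048 is demo1's value from the thread; 514 is a constructed disabled account.
    for uac in ("66048", "514"):
        entry = {"userAccountControl": uac}
        print(uac, decode_uac(uac), clause_matches(not_disabled, entry))
```

With a multi-bit mask the two rules diverge: 803 requires all mask bits to be set, 804 only one of them.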

