[Samba] Filter query

[lingpanda101]

On 4/4/2017 10:17 AM, Juan García-Pardo via samba wrote:
> Hi all,
> I’m a C++ dev who is adding support for Samba in one of the products of the company I work for. I’m pretty new to the LDAP world, and I feel a bit lost.
> I am trying to make a query to a samba server using a filter. The filter should be “get me the users that are not computers”, and I’m trying to have the same query for both MS AD and Samba LDAP. The original filter is:
> (&(objectClass=user)(!(objectClass=computer)))
> If I remove the negated part about computer and change user with person it works well, but as soon as I try to use something in the negated  —the second— part, it fails if it’s not in the schema for objectClass. So, this filter works:
> (&(objectClass=person)(!(objectClass=device)))
> But if I write “foobar" instead of “device", it returns an empty set
> My questions are:
> - Can I avoid getting an empty set if “computer” is not part of the objectClass schema?
> - I’ve seen that the objectClass “person” and “device” are listed in the RFC 2256 7.7 and 7.15. Can I assume that the Samba LDAP servers will be configured using these two values to identify persons and devices? or for each installation the admin usually modifies these?
>
> This is the command I use to test the filters (not to build and test the product every time), modulo private data:
> ldapsearch -h 10.2.2.222 -p 389 -D 'UID=Administrator,CN=users,DC=company,DC=ch' -b ‘DC=company,DC=ch' -w supersecret -x '(&(objectClass=person)(!(objectClass=device)))’
>
> Thank you very much in advance, and sorry if this is too boring or trivial,
>
> Juan Garcia
>
>

What about (objectCategory=Person)(objectClass=User). This link may also 
be helpful.



-- 
--
James