LDAP query to get users based on attribute
DC=abc,DC=COM
    OU=ABC
        OU=Users
            CN=User1
            CN=User2
            CN=User3
        OU=Computers
    OU=ABC1
        OU=Users
            CN=User4
            CN=User5
            CN=User6
        OU=Computers
    OU=ABC2
        OU=Users
            CN=User7
            CN=User8
            CN=User9
        OU=Computers
There is a user attribute called employeeID. Two types of value can exist in the employeeID records: one that is a pure whole number, and the other would start with characters like NE.
I would like to extract all users whose employeeID is a number.
What should be the LDAP query that can be used to achieve the same?
Set the base object to the DN from which the search should return entries, set the scope to either SUB or ONE depending on where the base object is in relation to the entries desired, use a filter like '(!(employeeID=NE*))' and a list of attributes to return from each entry. It's also a good practice to provide a size limit and time limit.
An example using ldapsearch:
ldapsearch -h hostname -p port -b dc=abc,dc=com -s sub '(!(employeeID=NE*))' employeeID
which returns the employeeID from each entry below dc=abc,dc=com where the employeeID does not match the filter. It also returns entries that have no employeeID at all, so the filter might need to be more restrictive, for example, '(&(employeeID=*)(!(employeeID=NE*)))'.
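LDAP search filters offer only `*` substring wildcards, not regular expressions, so one way to keep strictly numeric employeeID values is to check them client-side on the LDIF that ldapsearch prints. The script below is an added example, not part of the original answer; the function names and the sample LDIF are constructed, and it assumes unfolded, non-base64 LDIF lines.

```shell
#!/bin/sh
# Added example (not from the original answer): post-filter ldapsearch LDIF
# output so that only entries with an all-digit employeeID remain.
# Assumption: LDIF lines are not folded and values are not base64 ("attr:: ").

# numeric_employee_ids (hypothetical name): read LDIF on stdin and print
# "dn<TAB>employeeID" for each entry whose employeeID is digits only.
numeric_employee_ids() {
  awk '
    function emit() {
      if (dn != "" && id ~ /^[0-9]+$/) print dn "\t" id
      dn = ""; id = ""
    }
    /^$/     { emit(); next }                  # a blank line ends an entry
    /^dn: /  { dn = substr($0, 5); next }
    tolower($0) ~ /^employeeid: / {
      id = substr($0, 13)                      # text after "employeeID: "
      sub(/[ \r]+$/, "", id)                   # drop trailing blanks / CR
      next
    }
    END      { emit() }                        # last entry may lack a blank line
  '
}

# sample_ldif (hypothetical name): constructed data in the shape returned by
# the search with the looser filter, using the tree from the question.
sample_ldif() {
  cat <<'EOF'
dn: CN=User1,OU=Users,OU=ABC,DC=abc,DC=COM
employeeID: 10482

dn: CN=User2,OU=Users,OU=ABC,DC=abc,DC=COM
employeeID: NE2291

dn: CN=User4,OU=Users,OU=ABC1,DC=abc,DC=COM
employeeID: 77A1

dn: CN=User7,OU=Users,OU=ABC2,DC=abc,DC=COM

dn: CN=User8,OU=Users,OU=ABC2,DC=abc,DC=COM
employeeID: 00931
EOF
}

# Stand-alone run: prints the User1 and User8 lines only.
sample_ldif | numeric_employee_ids
```

User4 shows why the client-side check matters: `77A1` does not start with NE, so it passes the server-side filter even though it is not a number.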