LDAP (Lightweight Directory Access Protocol) queries are a standardized way to provide search criteria for a directory search. You can use LDAP queries as filters to reduce the number of Active Directory (AD) groups or users that the Zylinc solution imports.
To learn about LDAP queries you can search the internet for ldap search filter syntax.
In the following, we provide some widely used filters, and a description of some of the most common concepts.
LDAP user filter: Import everything
Example:
(cn=*)
LDAP user filter: Import all users.
Example:
(objectClass=user)
LDAP user filter: Import nested members of group.
Example:
(memberOf:1.2.840.113556.1.4.1941:=<Distinguished Name of the group>)
Note: If you don’t specify :1.2.840.113556.1.4.1941: your query will not return nested group members.
LDAP user filter: Import users who have Active Directory telephone or mobile numbers, and whose accounts aren't disabled
Example:
(&(|(telephoneNumber=*)(mobile=*)) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))
LDAP user and group filter: Use & as AND operator
(&(Condidtion 1) (Condition 2) (Condition 3) (Condition n))
Example: Import person AND user
(&(objectCategory=person)(objectClass=user))
LDAP user and group filter: Use | as OR operator
(|(Condidtion 1) (Condition 2) (Condition 3) (Condition n))
For an example, see the previous example of uses that have either a phone number or a mobile number or both.
LDAP user and group filter: Use ! as NOT operator
(!(Condition 1))
Example: NOT disabled. (userAccountControl:1.2.840.113556.1.4.803:=2 means disabled users.)
(!userAccountControl:1.2.840.113556.1.4.803:=2)
LDAP user and group filter: Combine AND with NOT
Example: Return (person) AND (user) AND (NOT disabled)
(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))
LDAP user filter: Return (person) AND (user) AND (NOT disabled) AND (nested member of group)
Example:
(&(objectCategory=person)(objectClass=user) (!userAccountControl:1.2.840.113556.1.4.803:=2) (memberOf:1.2.840.113556.1.4.1941:=CN=ZySync,CN=Users,DC=Zylinc,DC=Com))
LDAP user filter: Return all users who have Exchange mailboxes
Example:
(msExchHomeServer=*)
Use Softerra LDAP Browser filter builder feature
Softerra LDAP Browser is a popular LDAP management tool. You can use Softerra LDAP Browser’s filter builder feature to easily create new filters, or to view existing filter strings in a graphical way so that you can better understand them.
To use the filter builder feature of Softerra LDAP Browser, copy and paste the required filter sting as illustrated, and then click the areas marked with red circles:
This is help for Zylinc version 6.0. To view Zylinc unified help for other versions, go here.
© 2021 Zylinc A/S • Disclaimer
Help version: 22 January 2021 13:21:22
Share this topic: