
I am trying to validate whether there is at least one user under a specific domain using an LDAP search.

I used this filter, but I do not get any match:

dc=example,dc=com sub (&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=*))

Once I try this, it has a match:

dc=example,dc=com sub (&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=Admini*))

Can you help me with this, please?

Shadi Jumaa
  • maybe ``*`` on its own isn't the correct pattern for a filter. It isn't a valid regular expression, for example – Vorsprung Feb 14 '21 at 21:00

1 Answer


Yes, RFC2254 does have a '*' wildcard pattern defined for "String Representation of LDAP Search Filters".

But it might not be implemented by all LDAP servers.
A Go LDAP server like nmcclain/ldap should support it.

But as mentioned here, a '*' search might simply time out (because it would take too long to complete).

VonC
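
How the two filters from the question evaluate under RFC 2254 semantics, as an added example that is not part of the original question or answer: a small Python evaluator run over constructed entries. The entries in `DIRECTORY` and the `parse`, `matches`, `search` and `user` helpers are assumptions for illustration, and a missing attribute is treated as a plain non-match.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule OID from the question

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next index)."""
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1                     # skip the closing ')'
    end = f.index(")", i)
    lhs, value = f[i + 1:end].split("=", 1)
    attr, _, rule = lhs.rstrip(":").partition(":")   # attr[:rule:]
    return ("item", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (missing attribute = False)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    have = entry.get(attr, [])
    if rule == BIT_AND:        # true when every bit of `value` is set
        return any((int(v) & int(value)) == int(value) for v in have)
    if value == "*":           # presence test: the attribute exists at all
        return bool(have)
    pattern = ".*".join(re.escape(p) for p in value.split("*"))  # substring/equality
    return any(re.fullmatch(pattern, v, re.I) for v in have)

def user(name, uac):
    return {"objectclass": ["top", "person", "user"],
            "samaccountname": [name], "useraccountcontrol": [str(uac)]}

# Constructed sample entries; 514 = 512 | 2, i.e. the "disabled" bit is set.
DIRECTORY = [user("Administrator", 512), user("Guest", 514), user("jdoe", 512),
             {"objectclass": ["top", "group"], "samaccountname": ["Domain Users"]}]

def search(filter_text):
    tree, _ = parse(filter_text)
    return [e["samaccountname"][0] for e in DIRECTORY if matches(tree, e)]

BASE = "(&(objectClass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%s))"
if __name__ == "__main__":
    print(search(BASE % "*"), search(BASE % "Admini*"))
```

Under these semantics the `*` filter returns a superset of what the `Admini*` filter returns.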