'(manager=cn=Izzeddeen Alkarajeh,ou=managers,ou=people,dc=sahara,dc=local)' \ For example: $ ldapsearch -h hostname -p port -b 'dc=sahara,dc=local' \ Verify the entries exist with a known good tool such as ldapsearch to ensure that the correct parameters are known for the search request. Also, the EQUALITY matching rule is distinguishedNameMatch.Īn example of an assertion in a filter using the correct syntax: manager=cn=Manager Number One,ou=managers,ou=people,dc=example,dc=comĪll attributes values used in an assertion must have the syntax defined for that attribute type in the schema.
On that page, search for the OID following the SYNTAX keyword ( 1.3.6.1.115.121.1.12). I'm trying to search active directory users whose manager's username is given in the search request, but I always get 0 records regardless of the manager's username I pass. To determine the syntax, use the LDAP Parameters Assignment page. The syntax of manager: attributeTypes: (. You must correct the filter to use a distinguished name.
When specifying a DN in a search filter or as the base object in a search request, the LDAP client must use the full DN, for example, cnuser,oupeople,dcexample,dccom. There is no substring matching rule for DN, therefore, substring filters cannot be used with DNs. Neither of the examples you gave meet this criteria. The client is attempting to use a substring filter with a DN ( (managerCNEve) ).
Type the command: dsquery user -nameManager has distinguished name syntax, therefore, if manager is used in an assertion, the full DN must be used as the value. To find the user and group base DN, run a query from any member server on your Windows domain.