In order to enable synchronization with a mail server (namely Mailcow) I have to build a proper LDAP filter, as shown in this example:
Here’s an example for an AD from the developer:
(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=Group,CN=Users,DC=example,DC=local))
And the filter to which it defaults:
(&(objectClass=user)(objectCategory=person))
I’ve been playing with it for a while, but I cannot seem to make it work.
'*' '+': list of attributes to show (like uid givenName). Here are two special values: the * means all attributes (same as not specifying any attribute arguments). The + will list LDAP object metadata attributes and the memberOf attribute, which are usually hidden.
An LDAP query to get all users in a UCS system is: (univentionObjectType=users/user)
An LDAP query to get all users that are members of the group example is: (&(univentionObjectType=users/user)(memberOf=cn=example,cn=groups,dc=dom,dc=ain))
To find out the DN of a group, run:
univention-ldapsearch -LLL 'cn=example' dn
If you wish to get only users with a mailbox, add to the filter: (mailPrimaryAddress=*)
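The pieces from the answer above combined into one filter, as an added example that is not part of the original posts; the function names are hypothetical and the group DN is the placeholder used in the answer. The DN is escaped per RFC 4515 so that a group name containing parentheses, `*` or `\` cannot change the structure of the filter.

```python
# Added example: compose the UCS user filter described in the answer.
# Function names are hypothetical; the DN is the answer's placeholder.

# RFC 4515 requires these characters to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as the value part of an LDAP filter item."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def ucs_user_filter(group_dn=None, require_mailbox=False) -> str:
    """Build the filter: all UCS users, optionally limited to direct
    members of group_dn and/or to accounts that have a mailbox."""
    clauses = ["(univentionObjectType=users/user)"]
    if group_dn:
        # The DN is data, not filter syntax, so it is escaped before use.
        clauses.append("(memberOf=" + escape_filter_value(group_dn) + ")")
    if require_mailbox:
        # Presence test: the attribute only has to exist. The * here is
        # filter syntax and is deliberately left unescaped.
        clauses.append("(mailPrimaryAddress=*)")
    if len(clauses) == 1:
        return clauses[0]  # a single item needs no (& ...) wrapper
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Group DN as returned by: univention-ldapsearch -LLL 'cn=example' dn
    print(ucs_user_filter("cn=example,cn=groups,dc=dom,dc=ain", True))
    # Constructed group name with characters that must be escaped
    print(ucs_user_filter("cn=R&D (ext),cn=groups,dc=dom,dc=ain"))
```

The resulting string can be checked with univention-ldapsearch before it is pasted into the mail server's synchronization settings.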