LDAP filter to retrieve UCS users

etique · September 21, 2020, 9:47pm

Hello,

In order to enable synchronization with a mail server (namely Mailcow) I have to build a proper LDAP filter, as shown in this example:

Here’s an example for an AD from the developper:
(&(objectClass=user)(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=Group,CN=Users,DC=example DC=local))

And the filter to which it defaults:
(&(objectClass=user)(objectCategory=person))

I’ve been playing with it for a while, but I cannot seem to make it work.

Any hint would be much welcome!
Thanks a lot!

troeder · September 22, 2020, 8:25am

Hello,

use this to see a user object in OpenLDAP on UCS:

univention-ldapsearch -LLL uid=Administrator '*' '+'

-LLL will suppress search metadata
uid=Administrator is the LDAP query
'*' '+' list of attributes to show (like uid givenName), here two special values: The * means all attributes (same as not specifying any attribute arguments). The + will list LDAP object metadata attributes and the memberOf attribute, which are usually hidden.

An LDAP query to get all users in a UCS system is:(univentionObjectType=users/user)
An LDAP query to get all users that are members of the group example is:
(&(univentionObjectType=users/user)(memberOf=cn=example,cn=groups,dc=dom,dc=ain))
To find out the DN of a group, run:

univention-ldapsearch -LLL 'cn=example' dn

If you wish to get only users with a mailbox, add to the filter: (mailPrimaryAddress=*)

Greetings
Daniel Tröder

etique · September 27, 2020, 9:15pm

Thanks a lot!

It did the trick

Regards