Problem
When performing an univention-ldapsearch to find all users with a Windows home directory on a specific server (sambaProfilePath is ie \\ucs2\username
) you are not getting the results as expected:
root@ucs:~# univention-ldapsearch -LLL "(&(uid=*)(sambaProfilePath=\\\\ucs2*))" -b $(ucr get ldap/base) sambaProfilePath
search: 3
result: 0 Success
Solution
For LDAP search filters some characters have a special meaning and they need to be “escaped”. Unfortunately escaping does not work as it does in a Linux shell (ie bash).
To escape a special character (ie “\”) you need to get the UTF-8 value for this character. You might use this table to get the value.
So instead of trying to escape the backslashes simply with another backslash use the UTF-8 code: \5c\5c
Unfortunately using a wildcard “*” for substring (SUBSTR) match does not work together with escaped characters. So the combination of both simply does not work: (sambaProfilePath=\5c\5cucs2*).
Giving the exact string is not suitable as you are only looking for a substring. As a workaround you should use relaxed match with “~=
” instead of strict match “=
” but it will give you more results than you might expect.
Easiest way to work around this issue is to combine ldapsearch
with grep
:
univention-ldapsearch -LLL '(sambaProfilePath~=\5c\5cucs2\5c)' sambaProfilePath uid -b $(ucr get ldap/base)| grep -B1 '\\\\ucs2'