Problem: Using Special Characters with ldapsearch

Problem

When running a univention-ldapsearch to find all users with a Windows home directory on a specific server (sambaProfilePath is, e.g., \\ucs2\username), you do not get the expected results:

root@ucs:~# univention-ldapsearch -LLL "(&(uid=*)(sambaProfilePath=\\\\ucs2*))" -b $(ucr get ldap/base) sambaProfilePath
search: 3
result: 0 Success

Solution

In LDAP search filters some characters have a special meaning and need to be “escaped”. Unfortunately, escaping does not work as it does in a Linux shell (e.g. bash).
To escape a special character (e.g. “\”) you need to get the UTF-8 value for this character. You might use this table to get the value.

So instead of trying to escape the backslashes simply with another backslash, use the UTF-8 code: \5c\5c

Unfortunately, using a wildcard “*” for a substring (SUBSTR) match does not work together with escaped characters. So the combination of both simply does not work: (sambaProfilePath=\5c\5cucs2*).

Giving the exact string is not suitable, as you are only looking for a substring. As a workaround, you should use the relaxed match “~=” instead of the strict match “=”, but it will give you more results than you might expect.

The easiest way to work around this issue is to combine ldapsearch with grep:
univention-ldapsearch -LLL '(sambaProfilePath~=\5c\5cucs2\5c)' sambaProfilePath uid -b "$(ucr get ldap/base)" | grep -B1 '\\\\ucs2'
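
Added example (not part of the original article): a shell helper that applies the hex escaping described above to an arbitrary value, covering all printable filter special characters from RFC 4515 and not only the backslash. The function names ldap_escape_filter and build_profile_filter are hypothetical, and the demo inputs are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample inputs are constructed.

# Escape a literal value for use inside an LDAP search filter (RFC 4515):
# each special character becomes a backslash plus its two-digit hex code.
ldap_escape_filter() {
    # The backslash is handled first so that the backslashes introduced by
    # the later substitutions are not escaped a second time.
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the approximate-match filter from the article for a given server name.
build_profile_filter() {
    # Literal value is \\<server>\ ; inside double quotes "\\" is one backslash.
    printf '(sambaProfilePath~=%s)' "$(ldap_escape_filter "\\\\$1\\")"
}

# Constructed demo values: the article's server name, and a value that would
# otherwise change the filter structure if pasted in unescaped.
build_profile_filter ucs2; echo
ldap_escape_filter 'x)(uid=*'; echo

# Usage on a UCS system (not executed here):
#   univention-ldapsearch -LLL "$(build_profile_filter ucs2)" sambaProfilePath uid
```

Escaping every value before it is placed in a filter also keeps user-supplied input from being parsed as filter syntax.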
