When performing an univention-ldapsearch to find all users with a Windows home directory on a specific server (sambaProfilePath is ie
\\ucs2\username) you are not getting the results as expected:
root@ucs:~# univention-ldapsearch -LLL "(&(uid=*)(sambaProfilePath=\\\\ucs2*))" -b $(ucr get ldap/base) sambaProfilePath search: 3 result: 0 Success
For LDAP search filters some characters have a special meaning and they need to be “escaped”. Unfortunately escaping does not work as it does in a Linux shell (ie bash).
To escape a special character (ie “\”) you need to get the UTF-8 value for this character. You might use this table to get the value.
So instead of trying to escape the backslashes simply with another backslash use the UTF-8 code:
Unfortunately using a wildcard “*” for substring (SUBSTR) match does not work together with escaped characters. So the combination of both simply does not work: (sambaProfilePath=\5c\5cucs2*).
Giving the exact string is not suitable as you are only looking for a substring. As a workaround you should use relaxed match with “
~=” instead of strict match “
=” but it will give you more results than you might expect.
Easiest way to work around this issue is to combine
univention-ldapsearch -LLL '(sambaProfilePath~=\5c\5cucs2\5c)' sambaProfilePath uid -b $(ucr get ldap/base)| grep -B1 '\\\\ucs2'