LDAP: using a filter to avoid a sub OU in Active Directory
Posted on 2009-07-08
I have an application that pulls user information from an OU in Active Directory. The parameters it takes are a base for the search and a filter string.
I have an OU I want to pull information from, but there is a sub OU I want to avoid:
Wanted: users from OU=People,DC=mydomain,DC=com
Not Wanted: users from OU=Evil,OU=People,DC=mydomain,DC=com
I know that this could be done by rewriting the application performing the import to stop it searching sub-OUs, but is there any way to do this with an LDAP filter on the search? Something like (DistinguishedName !contains "Evil") or similar that will let me exclude users based on the path to the user, rather than filtering on a property of the user.
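One way to get this result whatever the directory's filter syntax allows, as an added example that is not part of the original post: search from the wanted base as usual, then drop entries whose distinguishedName sits under the excluded OU, comparing whole RDNs from the right instead of looking for the substring "Evil". The function names and the sample DNs are constructed for illustration.

```python
def normalize_rdn(rdn):
    """Lower-case and trim one RDN so comparison is case-insensitive."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()

def split_dn(dn):
    """Split a DN into normalized RDNs, honouring backslash-escaped commas."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return [normalize_rdn(p) for p in parts if p.strip()]

def is_under(dn, container_dn):
    """True if dn is the container itself or anywhere beneath it."""
    entry, container = split_dn(dn), split_dn(container_dn)
    if not container or len(entry) < len(container):
        return False
    return entry[-len(container):] == container

def filter_entries(dns, base_dn, excluded_dns):
    """Keep DNs under base_dn that are not under any excluded container."""
    return [dn for dn in dns
            if is_under(dn, base_dn)
            and not any(is_under(dn, ex) for ex in excluded_dns)]

# Constructed sample data, using the OU names from the question.
BASE = "OU=People,DC=mydomain,DC=com"
EXCLUDED = ["OU=Evil,OU=People,DC=mydomain,DC=com"]
SAMPLE = [
    "CN=Alice,OU=People,DC=mydomain,DC=com",
    "CN=Bob,OU=Evil,OU=People,DC=mydomain,DC=com",
    "cn=carol,ou=staff,ou=EVIL,ou=people,dc=mydomain,dc=com",  # nested, mixed case
    "CN=Evil\\, Dr,OU=People,DC=mydomain,DC=com",   # "Evil" only in the user's name
    "CN=Dave,OU=Evil,OU=Contractors,DC=mydomain,DC=com",  # outside the base
]

if __name__ == "__main__":
    for dn in filter_entries(SAMPLE, BASE, EXCLUDED):
        print(dn)
```

A plain substring test for "Evil" would also drop the fourth entry, whose name contains the word but which lives directly in OU=People.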