[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 706
  • Last Modified:

LDAP Query for Display Name OR Description

Hello all!

So I'm looking for an LDAP query for Active Directory that will match the following requirements:

Is a User
AND has *COL* in the Display Name
OR has *BG* in the Display Name
OR has *Director* in the Office field
AND does NOT have *Directorate* in the Office field

I've gotten the first part to work with:

(&(objectcategory=person)(objectclass=user))(|(displayName=*COL *)(displayName=*BG *)(physicaldeliveryofficename=*director*))

But when I run this, it also includes anything with the word "Directorate" which I dont want.  So I tried to add "does NOT include "directorate" and I get no results:

(&(objectcategory=person)(objectclass=user))(|(displayName=*COL *)(displayName=*BG *)(physicaldeliveryofficename=*director*))(&(physicaldeliveryofficename!=*directorate*))

If I move the != around like so, I get the same info as before which includes "directorate":

(&(objectcategory=person)(objectclass=user))(|(displayName=*COL *)(displayName=*BG *)(physicaldeliveryofficename=*director*)(physicaldeliveryofficename!=*directorate*))

What am I doing wrong?
0
Irrylyn
Asked:
Irrylyn
  • 3
  • 2
1 Solution
 
Chris DentPowerShell DeveloperCommented:
The NOT operator comes before the expression and must be outside of your OR conditional:
(&(objectClass=user)(objectCategory=person)(!physicalDeliveryOfficeName=*Directorate*)(|(displayName=*col*)(displayName=*BG*)(physicalDeliveryOfficeName=*Director*)))

Open in new window

Based on this logic reworking of the logic statement:

Is a User
AND does NOT have *Directorate* in the Office field
AND (has *COL* in the Display Name
OR has *BG* in the Display Name
OR has *Director* in the Office field)

Cheers,

Chris
0
 
Chris DentPowerShell DeveloperCommented:
Actually, I should add that some LDAP clients have a problem with the NOT syntax above, if it gets upset, try this tweak:
(&(objectClass=user)(objectCategory=person)(!(physicalDeliveryOfficeName=*Directorate*))(|(displayName=*col*)(displayName=*BG*)(physicalDeliveryOfficeName=*Director*)))

Open in new window

Chris
0
 
Chris DentPowerShell DeveloperCommented:
Sorry, spam... thinking about it there's another way to read the statement above. This time based on this interpretation:

Is a User
AND (has *COL* in the Display Name
OR has *BG* in the Display Name
OR (has *Director* in the Office field
AND does NOT have *Directorate* in the Office field))

(&(objectClass=user)(objectCategory=person)(|(displayName=*col*)(displayName=*BG*)(&(physicalDeliveryOfficeName=*Director*)(!physicalDeliveryOfficeName=*Directorate*))))

Open in new window


Anyway, I hope that helps :)

Chris
0
 
IrrylynAuthor Commented:
Aha!  Okay, I see.  I was close but I see better now how the ! works.  Thank you very much.

Both of your queries worked and gave the same results.  Very good information!
0
 
IrrylynAuthor Commented:
Very good tutelage.  The queries provided worked well and there was even a 'just in case' alternative.  

Great job and thank you!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now