I am querying AD to get the first proxyaddresses:smtp field with only the username but it is giving me lots of other information that I don't really need. I was wondering if it is be possible to filter the query in slapd.conf to give me what I need.
Here's my slapd.conf
Allow bind_v2 access to dn.base="" by * read access to * by * read database ldap suffix "dc=ad3,dc=merog,dc=org" uri "ldap://ad3.merog.org" query_filter=(PROXYADDRESSES :smtp:%s@*) cachesize 10000 sizelimit unlimited
I am querying for PROXYADDRESSES which comes like this: PROXYADDRESSES: smtp:username@merog.org - I only want the "username" bit.
Here's my query:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" cn="user name"
I don't want to use any sed, awk script to achieve the result. Just would like to use openldap itself if that's at all possible.
Thanks for any help.
Chris Henderson wrote:
I am querying AD to get the first proxyaddresses:smtp field with only the username but it is giving me lots of other information that I don't really need.
Just ask for attribute 'proxyaddresses'.
Here's my query:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" cn="user name"
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" "(cn=user name)" proxyaddresses
You have to sort out the attribute values starting with "smtp:" yourself at the client side since AFAIK AD does not support the matched values control.
Ciao, Michael.
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" "(cn=user name)" proxyaddresses
Thanks. I have tried that already. The problem with this query is that it gives lots of commented-out lines that I don't really need. I have written a Perl script to parse exactly what I need. Is there any way to put that script in slapd.conf as one of my applications will query OpenLDAP directly for that exact value.
Thanks for any help.
Chris Henderson wrote:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" "(cn=user name)" proxyaddresses
Thanks. I have tried that already. The problem with this query is that it gives lots of commented-out lines that I don't really need. I have written a Perl script to parse exactly what I need. Is there any way to put that script in slapd.conf as one of my applications will query OpenLDAP directly for that exact value.
Thanks for any help.
In that case, why doesn't your application call directly your perl script?
On Sat, May 3, 2008 at 5:02 PM, Olivier Rademakers rademakers@channelopen.org wrote:
Chris Henderson wrote:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" "(cn=user
name)"
proxyaddresses
Thanks. I have tried that already. The problem with this query is that it gives lots of commented-out lines that I don't really need. I have written a Perl script to parse exactly what I need. Is there any way to put that script in slapd.conf as one of my applications will query OpenLDAP directly for that exact value.
Thanks for any help.
In that case, why doesn't your application call directly your perl script?
The application doesn't have the capability to parse this kind of information. So I thought OpenLDAP would be able to parse this kind of LDAP queries.
Hi, On Sun, May 4, 2008 at 9:11 AM, Chris Henderson henders254@gmail.com wrote:
Thanks. I have tried that already. The problem with this query is that it gives lots of commented-out lines that I don't really need.
Use -LLL option and you won't have any comment line
Chris Henderson wrote:
ldapsearch -x -h ad3.merog.org -b "dc=ad3,dc=merog,dc=org" "(cn=user name)" proxyaddresses
Thanks. I have tried that already. The problem with this query is that it gives lots of commented-out lines that I don't really need.
ldapsearch outputs LDIF format with comment lines. It's just a ASCII representation format for directory entries (or another variant for modifications).
as one of my applications will query OpenLDAP directly for that exact value.
If your application directly searches via LDAP it will receive the data structures in the LDAP search results and handle that. It will maybe ask for this particular attribute itself. If it's correctly implemented you don't have to do anything else. Ask the application developers if in doubt or examine your logs to see what they do.
Ciao, Michael.
openldap-technical@openldap.org
-
Chris Henderson -
Javier Barroso -
Michael Ströder -
Olivier Rademakers