S
Scott Marquardt
How to do (with LDAP)? This is killing me.
Enumerate all attributes and classes with a given base OID?
D
Dean Wells [MVP]
You can't solely with a regular LDAP query ... its attribute syntax
supports only supports a limited number of query operands; equality and
presence if memory serves (it doesn't support medial string, inequality
or bitwise operations). Instead, dump the relevant schema content and
query the resulting file or wrap a query in a script that performs the
OID-base prefix comparison for you.
supports only supports a limited number of query operands; equality and
presence if memory serves (it doesn't support medial string, inequality
or bitwise operations). Instead, dump the relevant schema content and
query the resulting file or wrap a query in a script that performs the
OID-base prefix comparison for you.
S
Scott Marquardt
Dean Wells [MVP] opined thusly on Feb 15:
LDAP queries do support medial string
(homeDirectory=*\folders$\*)
inequality
(!memberOf=cn=ExchangeUsers,ou=groups,dc=domain,dc=tld))
and bitwise
(userAccountControl:1.2.840.113556.1.4.804:=2)
operations, if I rightly understand what you mean by "regular LDAP query."
With that said, you gave perfect advice. Found this on the web, then
noticed that I also have the book on my shelf. ;-)
| csvde -f c:\classes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=classSchema)
| csvde -f c:\attributes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=attributeSchema)
This gives me exactly what I need, in nice CSV format for Excel. Thanks!
LDAP queries do support medial string
(homeDirectory=*\folders$\*)
inequality
(!memberOf=cn=ExchangeUsers,ou=groups,dc=domain,dc=tld))
and bitwise
(userAccountControl:1.2.840.113556.1.4.804:=2)
operations, if I rightly understand what you mean by "regular LDAP query."
With that said, you gave perfect advice. Found this on the web, then
noticed that I also have the book on my shelf. ;-)
| csvde -f c:\classes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=classSchema)
| csvde -f c:\attributes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=attributeSchema)
This gives me exactly what I need, in nice CSV format for Excel. Thanks!
D
Dean Wells [MVP]
Please reread my original post, it clearly answers your question and
states that the syntax typically used by OIDs supports ONLY equality and
presence. I'm well aware that the query processor supports multiple
operands across other attribute syntaxes.
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
states that the syntax typically used by OIDs supports ONLY equality and
presence. I'm well aware that the query processor supports multiple
operands across other attribute syntaxes.
--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
S
Scott Marquardt
Dean Wells [MVP] opined thusly on Feb 15:
Please re-read my response, where I clearly acknowledged that:
| With that said, you gave perfect advice. Found this on the web, then
| noticed that I also have the book on my shelf. ;-)
|
| | csvde -f c:\classes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=classSchema)
| | csvde -f c:\attributes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=attributeSchema)
|
| This gives me exactly what I need, in nice CSV format for Excel. Thanks!
I'm on my way, man, thanks to you.
I have no idea what you just said, so I'm glad at least one of us is well
aware of it. ;-)
Hey, only one other thread in usenet history has used the key terms you
broached in that paragraph. To newbies like me, some of this is anything
but clear until we dig some more.
Thanks again.
Please re-read my response, where I clearly acknowledged that:
| With that said, you gave perfect advice. Found this on the web, then
| noticed that I also have the book on my shelf. ;-)
|
| | csvde -f c:\classes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=classSchema)
| | csvde -f c:\attributes.txt -d cn=schema,cn=configuration,dc=domain,dc=tld -r (objectCategory=attributeSchema)
|
| This gives me exactly what I need, in nice CSV format for Excel. Thanks!
I'm on my way, man, thanks to you.
I have no idea what you just said, so I'm glad at least one of us is well
aware of it. ;-)
Hey, only one other thread in usenet history has used the key terms you
broached in that paragraph. To newbies like me, some of this is anything
but clear until we dig some more.
Thanks again.
J
Joe Kaplan \(MVP - ADSI\)
I think what Dean was trying to get at was that when doing an LDAP filter
that uses an OID, you can only use an exact match. You can't do wild cards
or anything like that.
Thus, you can do this to find the CN attribute definition:
(attributeID=2.5.4.3)
but you can't do this:
(attributeID=2.5.4.*)
To find all attributes with 2.5.4 as their base. This is because the syntax
for values of type OID doesn't allow this. There are quite a few attribute
syntaxes that only allow a subset of the LDAP filter syntaxes. Binary
(octet string) and DN syntax are notable for requiring exact match as well.
Thus, your original problem isn't that easy to solve with a simple LDAP
query because the syntax rules don't allow you to query this directly. You
need to dump them all out and do the analysis offline.
Most of this stuff is detailed here:
http://msdn.microsoft.com/library/d...w_to_specify_comparison_values.asp?frame=true
That is probably the most useful page in MSDN for query filter syntax.
HTH,
Joe K.
that uses an OID, you can only use an exact match. You can't do wild cards
or anything like that.
Thus, you can do this to find the CN attribute definition:
(attributeID=2.5.4.3)
but you can't do this:
(attributeID=2.5.4.*)
To find all attributes with 2.5.4 as their base. This is because the syntax
for values of type OID doesn't allow this. There are quite a few attribute
syntaxes that only allow a subset of the LDAP filter syntaxes. Binary
(octet string) and DN syntax are notable for requiring exact match as well.
Thus, your original problem isn't that easy to solve with a simple LDAP
query because the syntax rules don't allow you to query this directly. You
need to dump them all out and do the analysis offline.
Most of this stuff is detailed here:
http://msdn.microsoft.com/library/d...w_to_specify_comparison_values.asp?frame=true
That is probably the most useful page in MSDN for query filter syntax.
HTH,
Joe K.