Hello, I'm facing issues trying to get the attribute of some of my users. Most of them are placed under the same OU "Users", but some of them are placed in several different OUs (INTERNATIONAL USERS or EXTERNAL USERS etc.).
Right now I'm trying to get the attribute sAMAccountName like this:
ldapsearch -u someuser -w somepasword -v -x -H ldap://my.ldap.ip.dir \
  -D "CN=MYCN,OU=GENERIC USERS,OU=USERS,DC=set,DC=ads,DC=myorg,DC=ca" \
  -b "CN=SAMUEL L JACKSON,OU=DEL,OU=USERS,DC=set,DC=ads,DC=myorg,DC=ca" "(&(objectclass=group)(cn=G LAW *))" \
  sAMAccountName
But some of the users are not under OU=USERS and I can find them at several locations:
ldapsearch -u someuser -w somepasword -v -x -H ldap://my.ldap.ip.dir \
  -D "CN=MYCN,OU=GENERIC USERS,OU=USERS,DC=set,DC=ads,DC=myorg,DC=ca" \
  -b "CN=SAMUEL L JACKSON,OU=DEL,OU=INTERNATIONAL USERS,DC=set,DC=ads,DC=myorg,DC=ca" "(&(objectclass=group)(cn=G LAW *))" \
  sAMAccountName
or
ldapsearch -u someuser -w somepasword -v -x -H ldap://my.ldap.ip.dir \
  -D "CN=MYCN,OU=GENERIC USERS,OU=USERS,DC=set,DC=ads,DC=myorg,DC=ca" \
  -b "CN=SAMUEL L JACKSON,OU=DEL,OU=EXTERNAL USERS,DC=set,DC=ads,DC=myorg,DC=ca" "(&(objectclass=group)(cn=G LAW *))" \
  sAMAccountName
What I would love is to be able to search recursively at -b "CN=SAMUEL L JACKSON,OU=DEL" and get the sAMAccountName everywhere (maybe they are in INTERNATIONAL USERS, or maybe they are in EXTERNAL USERS, or in another OU at the same level).
You need to change the search base to DC=set,DC=ads,DC=myorg,DC=ca
(like with FQDNs: reading right to left, keeping the longest part that is common to all matching entries).
Also, the filter is wrong because you don't want group entries starting with a specific cn, but user entries:
(&(objectCategory=person)(objectClass=user))
If you need only users that are members of a specific group, then you would use:
(&(objectCategory=person)(objectClass=user)(memberOf=<groupDN>))
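
The search described in this answer, as an added example that is not part of the original post: it searches the whole subtree from the domain root and escapes the group DN per RFC 4515 before placing it in the filter. The function names, the `RUN_SEARCH` switch and the sample group DN are assumptions; `-W` prompts for the bind password rather than exposing it on the command line with `-w`.

```sh
#!/bin/sh
# Added example. Host and DNs reuse the placeholders from the question;
# the group DN in the usage line is constructed.
LDAP_URI='ldap://my.ldap.ip.dir'
BIND_DN='CN=MYCN,OU=GENERIC USERS,OU=USERS,DC=set,DC=ads,DC=myorg,DC=ca'
BASE_DN='DC=set,DC=ads,DC=myorg,DC=ca'   # suffix shared by every user OU

# Escape a value for use inside an LDAP filter (RFC 4515):
# \ * ( ) become \5c \2a \28 \29. The backslash rule must run first.
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter from the answer. $1 = group DN, or empty for all users.
# memberOf only matches direct members of the group.
user_filter() {
  if [ -n "$1" ]; then
    printf '(&(objectCategory=person)(objectClass=user)(memberOf=%s))' \
      "$(ldap_escape "$1")"
  else
    printf '(&(objectCategory=person)(objectClass=user))'
  fi
}

# Print the sAMAccountName values found in LDIF read from stdin.
sam_names() {
  awk -F': ' '$1 == "sAMAccountName" { print $2 }'
}

# Subtree search from the domain root, so users in any OU are returned.
# -E pr=... pages the results; -o ldif-wrap=no keeps each value on one line.
search_users() {
  ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -W \
    -b "$BASE_DN" -s sub -E pr=500/noprompt \
    "$(user_filter "$1")" sAMAccountName
}

# Contact the directory only when explicitly asked to, e.g.:
#   RUN_SEARCH=1 sh users.sh 'CN=G LAW 1,OU=GROUPS,DC=set,DC=ads,DC=myorg,DC=ca'
if [ "${RUN_SEARCH:-0}" = 1 ]; then
  search_users "${1:-}" | sam_names
fi
```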