Help
{{sidenavigation.sidenavigationExpandLabel}}
{{banner.text}} {{banner.linkText||banner.linkHref}}
{{getMsg('Help_YouAreHere')}}: {{page.title}} {{page.title}}
{{$root.getMsg("downLoadHelpAsPdf")}} {{helpModel.downloadHelpPdfDataStatus}}

LDAP Search Query

In this dialog, you have the option of an LDAP search query to determine the content of specific data fields. For example, you could only import all AD users that are members of a specific Windows group. The syntax in this case is as follows:

(&(objectClass=organizationalPerson)(memberOf=CN=HomeOffice,OU=Gruppen,DC=firma,DC=local))

In LDAP, attributes are enclosed in parentheses. The above example contains two attribute specifications, both of which should be met simultaneously for the search to score. Therefore, at the beginning of the search query, the & symbol appears as a logical "AND" - everything must be true at the same time. Finally, another pair of parentheses is given, to which the & refers - here the whole expression, which is therefore bracketed.

  • organizationalPerson: A standard object class, which contains the user and more.
  • memberOf: In the example, specifies the required membership in the Windows 'HomeOffice' group, including the LDAP path.

Of course, search criteria can not be linked only with AND. There is also the logical OR indicated by the pipe symbol (|) and the NOT indicated by the exclamation mark (!).

LDAP also accepts Wildcard. For this, the asterisk * can be used anywhere in the search string.

Further examples

  • (&(objectClass=organizationalPerson)(|(l=Berlin)(l=Potsdam)))
    • All users whose AD attribute "Location" (LDAP object "location") has the entry "Berlin" or "Potsdam" are determined.
  • (&(objectClass=organizationalPerson)(!(sn=Meier)))
    • All users whose surname is NOT "Meier" are determined.
  • (&(objectClass=organizationalPerson)(mail=*@firma.local))
    • All users who have the mail domain "company.local" in the field "E-Mail" are found.
  • (&(objectClass=organizationalPerson)(mail=*))
    • All users with a non-empty "E-mail" field will be found.

Notes

  • User entries are missing in the preview or import: Even with a correct query, entries for the import can be hidden. This can be caused, for example, by the attribute msExchHideFromAddressLists in the Active Directory.
    • Solution: In such a case, there is an additional checkbox at the end of the list in the data import UI, which can be used to also import hidden users.
Version: 25.4.200 (2025-04-04)
i-net HelpDesk
This application uses cookies to allow login. By continuing to use this application, you agree to the use of cookies.


Help - LDAP Search Query