Hi VMware world,
We would like to build a query for:
- ActiveDirectory.search
The idea is to extract only the organizationalUnits whose distinguishedName contains "OU=SRV".
OK, we have tried this:
// Name of the OU to look for; it is handed to ActiveDirectory.search() as the query text.
parentOU = "SRV";

// Ask the AD plug-in for "OrganizationalUnit" objects matching parentOU on the given host.
// As reported in the thread, this returns the OUs named "SRV" but not the OUs nested below them.
organizationUnitList = ActiveDirectory.search(
    "OrganizationalUnit",
    parentOU,
    adHost
);
It works, but all children of "SRV" are missing, and we have not managed to build a correct query that filters organizationalUnits whose distinguishedName contains "OU=SRV".
This doesn't work:
// Text that should appear somewhere in the distinguishedName.
searchStr = "SRV";

// Assemble the query text from its three pieces.
// NOTE(review): searchStr is placed between single quotes without any escaping, so a value
// containing a quote would end the quoted literal early. Validate it if it ever comes from
// workflow input instead of a constant.
query = ["xpath:distinguishedName contains \'", searchStr, "\'"].join("");

// Per the thread, this query form did not return the expected OUs.
organizationUnitList = ActiveDirectory.search(
    "OrganizationalUnit",
    query,
    adHost
);
If you have an idea for building this query, please share it!
Thx for your help.
Thx stevedrummond,
this code works for our needs :
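/* getAllAdOrganizationalUnits - Filtered on "OU=SRV"
 *
 * Retrieves every organizationalUnit below the AD host's base DN with a paged
 * LDAP search, optionally keeps only those whose distinguishedName matches a
 * regular expression, and logs the DN of each remaining entry.
 *
 * INPUTS
 *   adHost                     - AD host whose LDAP client and base DN are used.
 *   distinguishedName (string) - Optional regular expression. Only OUs whose
 *                                distinguishedName matches it are kept.
 *
 * THROWS
 *   A string message when the LDAP search returns no organizationalUnit at all.
 *
 * NOTE(review): variables are assigned without declarations, as in the original
 * script; some may be bound to workflow attributes/outputs - confirm before
 * adding `var`.
 */

// Get AD Host to use :
ldapClient = adHost.getLdapClient();
rootBaseDn = adHost.hostConfiguration.ldapBase;

// Return only distinguishedName from the LDAP lookup :
var propertyList = ["distinguishedName"];

searchRequest = LdapSearchRequest.createRequest(
    rootBaseDn,
    "(objectClass=organizationalUnit)",
    LdapSearchScope.SUB,
    propertyList,
    LdapDereferencePolicy.ALWAYS);

resumeCookie = null;
allResults = [];
iterations = 0;
var pagesExhausted = false;

// Fetch page after page; the 1000-iteration cap guards against an endless loop.
while (iterations < 1000) {
    iterations++;

    // NOTE(review): 999999 is the requested page size; the server may enforce a
    // smaller maximum, in which case more pages are simply returned.
    pagedSearchControl = new LdapSimplePagedResultsControl(999999, resumeCookie, true);
    // Make sure no other control is registered with the same OID
    searchRequest.removeControlByOid(pagedSearchControl.getOID());
    // Add the SimplePagedResultsControl to the current search request
    searchRequest.addControl(pagedSearchControl);

    searchResult = ldapClient.searchBySearchRequest(searchRequest);
    ldapEntries = searchResult.getSearchEntries();
    if (ldapEntries) {
        // forEach, not map: the callback is run only for its side effect.
        ldapEntries.forEach(function (elem) { allResults.push(elem); });
    }

    responseControl = LdapSimplePagedResultsControl.get(searchResult);
    if (!responseControl.moreResultsToReturn()) {
        pagesExhausted = true;
        break;
    }
    resumeCookie = responseControl.getCookieBytes();
}

if (!pagesExhausted) {
    // The cap was hit while the server still had pages: make the truncation visible.
    System.warn('Paged LDAP search stopped after ' + iterations + ' iterations; the result list may be incomplete.');
}

// An array is always truthy, so test its length to detect "nothing found".
if (allResults.length > 0) {
    // Filter by distinguishedName, if provided:
    if (distinguishedName) {
        // The input is compiled as a regular expression verbatim and is not anchored:
        // "OU=SRV" also matches "OU=SRV2,...". Anchor on the component separators,
        // e.g. "(^|,)OU=SRV(,|$)", for an exact component match, and validate the value
        // if it can be supplied by someone other than the workflow author.
        regx = new RegExp(distinguishedName, "i");
        allResults = allResults.filter(function (elem) {
            var dn = elem.getAttributeValue("distinguishedName");
            // Skip entries without the attribute instead of failing on null.
            return dn != null && regx.test(dn);
        });
    }

    // Index loop: for...in on an array also walks inherited enumerable properties.
    for (keyAR = 0; keyAR < allResults.length; keyAR++) {
        organizationUnit = allResults[keyAR];
        organizationUnitDn = organizationUnit.getDN();
        System.debug('organizationUnitDn : ' + organizationUnitDn);
    }
} else {
    throw "No LDAP entries found for AD Organizational Units in " + rootBaseDn + "!";
}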
Try this
// LDAP client of the AD host (adHost is an ActiveDirectory:AdHost).
const ldapClient = adHost.getLdapClient();
const name = 'SRV';
var baseDn = adHost.hostConfiguration.ldapBase;

// Filter: organizationalUnit objects, with an extensible match on "ou" using the :dn: flag.
// NOTE(review): name is concatenated into the filter unescaped. If it ever comes from
// workflow input rather than a constant, escape the LDAP filter special characters
// (\ * ( ) and NUL, RFC 4515) first.
// Per the follow-up in the thread, this returned the OUs named "SRV" but not their children.
const ouFilter = "(&(objectClass=organizationalUnit)(ou:dn:=" + name + "))";

const searchResult = ldapClient.search(
    baseDn,
    LdapSearchScope.SUB,
    LdapDereferencePolicy.NEVER,
    50,       // limit
    0,        // timeout
    ouFilter,
    null      // attributes
);

System.debug('Number of Entries: ' + searchResult.getEntryCount());
const entries = searchResult.getSearchEntries();
Hi stevedrummond,
Thanks for your help. With your code we have the same problem as with:
// Name of the OU to look for; it is handed to ActiveDirectory.search() as the query text.
parentOU = "SRV";

// Ask the AD plug-in for "OrganizationalUnit" objects matching parentOU on the given host.
organizationUnitList = ActiveDirectory.search(
    "OrganizationalUnit",
    parentOU,
    adHost
);
This returns only the OrganizationalUnits named "SRV", but not the children of "SRV", like:
Result :
LDAP search filters do not support filtering by distinguishedName. You will need to find all OUs called 'SRV', and then loop through them, using each one's DN as the base DN for your sub-OU query.
Alternatively, do a search for all OUs and then use array filters on their DN attribute; obviously you would need to consider the implications of this, since every OU in the directory is fetched before the filter is applied.
Thx stevedrummond,
this code works for our needs :
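/* getAllAdOrganizationalUnits - Filtered on "OU=SRV"
 *
 * Retrieves every organizationalUnit below the AD host's base DN with a paged
 * LDAP search, optionally keeps only those whose distinguishedName matches a
 * regular expression, and logs the DN of each remaining entry.
 *
 * INPUTS
 *   adHost                     - AD host whose LDAP client and base DN are used.
 *   distinguishedName (string) - Optional regular expression. Only OUs whose
 *                                distinguishedName matches it are kept.
 *
 * THROWS
 *   A string message when the LDAP search returns no organizationalUnit at all.
 *
 * NOTE(review): variables are assigned without declarations, as in the original
 * script; some may be bound to workflow attributes/outputs - confirm before
 * adding `var`.
 */

// Get AD Host to use :
ldapClient = adHost.getLdapClient();
rootBaseDn = adHost.hostConfiguration.ldapBase;

// Return only distinguishedName from the LDAP lookup :
var propertyList = ["distinguishedName"];

searchRequest = LdapSearchRequest.createRequest(
    rootBaseDn,
    "(objectClass=organizationalUnit)",
    LdapSearchScope.SUB,
    propertyList,
    LdapDereferencePolicy.ALWAYS);

resumeCookie = null;
allResults = [];
iterations = 0;
var pagesExhausted = false;

// Fetch page after page; the 1000-iteration cap guards against an endless loop.
while (iterations < 1000) {
    iterations++;

    // NOTE(review): 999999 is the requested page size; the server may enforce a
    // smaller maximum, in which case more pages are simply returned.
    pagedSearchControl = new LdapSimplePagedResultsControl(999999, resumeCookie, true);
    // Make sure no other control is registered with the same OID
    searchRequest.removeControlByOid(pagedSearchControl.getOID());
    // Add the SimplePagedResultsControl to the current search request
    searchRequest.addControl(pagedSearchControl);

    searchResult = ldapClient.searchBySearchRequest(searchRequest);
    ldapEntries = searchResult.getSearchEntries();
    if (ldapEntries) {
        // forEach, not map: the callback is run only for its side effect.
        ldapEntries.forEach(function (elem) { allResults.push(elem); });
    }

    responseControl = LdapSimplePagedResultsControl.get(searchResult);
    if (!responseControl.moreResultsToReturn()) {
        pagesExhausted = true;
        break;
    }
    resumeCookie = responseControl.getCookieBytes();
}

if (!pagesExhausted) {
    // The cap was hit while the server still had pages: make the truncation visible.
    System.warn('Paged LDAP search stopped after ' + iterations + ' iterations; the result list may be incomplete.');
}

// An array is always truthy, so test its length to detect "nothing found".
if (allResults.length > 0) {
    // Filter by distinguishedName, if provided:
    if (distinguishedName) {
        // The input is compiled as a regular expression verbatim and is not anchored:
        // "OU=SRV" also matches "OU=SRV2,...". Anchor on the component separators,
        // e.g. "(^|,)OU=SRV(,|$)", for an exact component match, and validate the value
        // if it can be supplied by someone other than the workflow author.
        regx = new RegExp(distinguishedName, "i");
        allResults = allResults.filter(function (elem) {
            var dn = elem.getAttributeValue("distinguishedName");
            // Skip entries without the attribute instead of failing on null.
            return dn != null && regx.test(dn);
        });
    }

    // Index loop: for...in on an array also walks inherited enumerable properties.
    for (keyAR = 0; keyAR < allResults.length; keyAR++) {
        organizationUnit = allResults[keyAR];
        organizationUnitDn = organizationUnit.getDN();
        System.debug('organizationUnitDn : ' + organizationUnitDn);
    }
} else {
    throw "No LDAP entries found for AD Organizational Units in " + rootBaseDn + "!";
}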