
[vRA7.5] - activeDirectory.search, build query


Hi VMware world,

We would like to build a query for :

- ActiveDirectory.search

pastedImage_0.png

The idea is to extract only the organizationalUnits whose distinguishedName contains "OU=SRV".

We have tried this:

// Search by OU name through the ActiveDirectory plug-in helper.
// Per the thread, this returns the OUs named "SRV" but not the OUs beneath them.
parentOU = "SRV";

organizationUnitList = ActiveDirectory.search("OrganizationalUnit",parentOU,adHost);

It works, but all children of "SRV" are missing, and we have not managed to build a correct query that filters organizationalUnits whose distinguishedName contains "OU=SRV".

This doesn't work :

// Attempt to filter on the DN with an "xpath:" query string; the author reports it does not work.
// NOTE(review): searchStr is concatenated into the query unescaped. If it ever comes from a
// request form or another caller-supplied value, a quote character in it would change the
// query, so validate it against an allow-list of OU names before building the string.
searchStr = "SRV"

query = "xpath:distinguishedName contains \'" + searchStr + "\'";

organizationUnitList = ActiveDirectory.search("OrganizationalUnit",query,adHost);

If you have an idea how to build this query, please share it!

Thx for your help.


Accepted Solutions

Thx stevedrummond​,

this code works for our needs :

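/*  getAllAdOrganizationalUnits - Filtered on "OU=SRV"

This script retrieves every Organizational Unit (OU) below the AD host's
base DN with a paged LDAP search, optionally keeps only those whose
distinguishedName matches a pattern, and logs the DN of each remaining OU.

INPUTS

  adHost                     - AD host whose LDAP client and base DN are used.

  distinguishedName (string) - Optional regular expression, applied
                               case-insensitively to each OU's
                               distinguishedName. Only matching OUs are kept.

  NOTE(review): the pattern is not anchored, so "OU=SRV" also matches DNs such
  as "OU=SRV2,..." or "OU=SRV-TEST,...". If the result drives placement or
  permission decisions, anchor it on the RDN boundary, for example
  "(^|,)OU=SRV," (constructed example). The value is compiled as a regex
  as-is; if it can come from a request form or another caller-supplied value,
  validate it or escape regex metacharacters first so the caller cannot widen
  the match or supply a pathological pattern.

THROWS

  A string error when the LDAP search returns no OU at all.

*/

//  Get AD Host to use :
ldapClient = adHost.getLdapClient();
rootBaseDn = adHost.hostConfiguration.ldapBase;

//  Return only distinguishedName from the LDAP lookup :
var propertyList = [
  "distinguishedName"
];

searchRequest = LdapSearchRequest.createRequest(
  rootBaseDn,
  "(objectClass=organizationalUnit)",
  LdapSearchScope.SUB,
  propertyList,
  LdapDereferencePolicy.ALWAYS);

resumeCookie = null;
allResults = [];
iterations = 0;

//  Hard cap on the number of pages so a server that keeps returning a cookie
//  cannot keep this script looping forever.
var maxIterations = 1000;
//  Stays true only if the cap is reached while the server still has pages left.
var truncated = true;

while ( iterations < maxIterations ){
    iterations ++;

    //  NOTE(review): 999999 is only the requested page size; the directory
    //  server presumably applies its own page limit - confirm.
    pagedSearchControl = new LdapSimplePagedResultsControl(999999, resumeCookie, true);
    // Make sure there is no other control registered with the same OID
    searchRequest.removeControlByOid(pagedSearchControl.getOID());
    // Add the SimplePagedResultsControl to the current search request
    searchRequest.addControl(pagedSearchControl);

    searchResult = ldapClient.searchBySearchRequest(searchRequest);
    ldapEntries = searchResult.getSearchEntries();

    if ( ldapEntries ){
        //  Plain loop: the entries are only appended, nothing is transformed.
        for (var entryIndex = 0; entryIndex < ldapEntries.length; entryIndex++) {
            allResults.push(ldapEntries[entryIndex]);
        }
    }

    responseControl = LdapSimplePagedResultsControl.get(searchResult);

    //  NOTE(review): presumably get() yields nothing when the response carries
    //  no paging control - confirm. That case is treated as the last page
    //  instead of failing on a null dereference.
    if ( responseControl && responseControl.moreResultsToReturn() ){
        resumeCookie = responseControl.getCookieBytes();
    } else {
        truncated = false;
        break;
    }
}

if ( truncated ){
    //  Make an incomplete listing visible instead of silently using it.
    System.warn('OU search under ' + rootBaseDn + ' stopped after ' + iterations + ' pages; the result list is incomplete.');
}

//  An empty array is truthy, so the emptiness test has to look at the length;
//  testing the array itself never reaches the error path.
if ( allResults.length === 0 ){
    throw "No LDAP entries found for AD Organizational Units in " + rootBaseDn + "!";
}

//  Filter by distinguishedName, if provided:
if ( distinguishedName ){
    //  No "g" flag: only match / no match is needed, and a global regex keeps
    //  state between test() calls.
    regx = new RegExp(distinguishedName, "i");
    allResults = allResults.filter(function (elem) {
        var dnValue = elem.getAttributeValue("distinguishedName");
        //  Skip entries that did not return the attribute instead of throwing.
        return dnValue != null && regx.test(String(dnValue));
    });
}

for (keyAR = 0; keyAR < allResults.length; keyAR++) {
    organizationUnit = allResults[keyAR];
    organizationUnitDn = organizationUnit.getDN();
    System.debug('organizationUnitDn : ' + organizationUnitDn);
}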


4 Replies

Try this

// Subtree search for organizationalUnit entries under the AD host's base DN.
// Per the thread, this returns the OUs named 'SRV' but not the OUs beneath them.
const ldapClient = adHost.getLdapClient(); // ActiveDirectory:AdHost
const name = 'SRV';
var baseDn = adHost.hostConfiguration.ldapBase;

// NOTE(review): name is concatenated into the LDAP filter unescaped. With the
// constant above that is harmless; if it ever comes from a request form or
// another caller-supplied value, escape the filter special characters or
// check it against an allow-list first, otherwise the caller can rewrite the filter.
var ldapFilter = "(&(objectClass=organizationalUnit)(ou:dn:=" + name + "))";

// The search is limited to 50 entries, so a larger result set is not returned in full.
var entryLimit = 50;
var timeLimit = 0;

const searchResult = ldapClient.search(
    baseDn,
    LdapSearchScope.SUB,
    LdapDereferencePolicy.NEVER,
    entryLimit,
    timeLimit,
    ldapFilter,
    null // attributes
);

System.debug('Number of Entries: ' + searchResult.getEntryCount());

const entries = searchResult.getSearchEntries();


Hi stevedrummond​,

Thx for your help. With your code we hit the same problem as with:

// Search by OU name through the ActiveDirectory plug-in helper.
// Per the thread, this returns the OUs named "SRV" but not the OUs beneath them.
parentOU = "SRV";

organizationUnitList = ActiveDirectory.search("OrganizationalUnit",parentOU,adHost);

This returns only the OrganizationalUnits named "SRV", but not the children of "SRV", such as:

pastedImage_4.png

Result :

pastedImage_12.png


LDAP search filters do not support filtering by distinguishedName. You will need to find all OUs called 'SRV', and then loop through them, using each one's DN as the baseDN for your sub-OU query.

Alternatively, search for all OUs and then use array filters on their DN attribute; obviously you would need to consider the implications of this, since every OU is fetched from the directory before any filtering happens.


Thx stevedrummond​,

this code works for our needs :

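/*  getAllAdOrganizationalUnits - Filtered on "OU=SRV"

This script retrieves every Organizational Unit (OU) below the AD host's
base DN with a paged LDAP search, optionally keeps only those whose
distinguishedName matches a pattern, and logs the DN of each remaining OU.

INPUTS

  adHost                     - AD host whose LDAP client and base DN are used.

  distinguishedName (string) - Optional regular expression, applied
                               case-insensitively to each OU's
                               distinguishedName. Only matching OUs are kept.

  NOTE(review): the pattern is not anchored, so "OU=SRV" also matches DNs such
  as "OU=SRV2,..." or "OU=SRV-TEST,...". If the result drives placement or
  permission decisions, anchor it on the RDN boundary, for example
  "(^|,)OU=SRV," (constructed example). The value is compiled as a regex
  as-is; if it can come from a request form or another caller-supplied value,
  validate it or escape regex metacharacters first so the caller cannot widen
  the match or supply a pathological pattern.

THROWS

  A string error when the LDAP search returns no OU at all.

*/

//  Get AD Host to use :
ldapClient = adHost.getLdapClient();
rootBaseDn = adHost.hostConfiguration.ldapBase;

//  Return only distinguishedName from the LDAP lookup :
var propertyList = [
  "distinguishedName"
];

searchRequest = LdapSearchRequest.createRequest(
  rootBaseDn,
  "(objectClass=organizationalUnit)",
  LdapSearchScope.SUB,
  propertyList,
  LdapDereferencePolicy.ALWAYS);

resumeCookie = null;
allResults = [];
iterations = 0;

//  Hard cap on the number of pages so a server that keeps returning a cookie
//  cannot keep this script looping forever.
var maxIterations = 1000;
//  Stays true only if the cap is reached while the server still has pages left.
var truncated = true;

while ( iterations < maxIterations ){
    iterations ++;

    //  NOTE(review): 999999 is only the requested page size; the directory
    //  server presumably applies its own page limit - confirm.
    pagedSearchControl = new LdapSimplePagedResultsControl(999999, resumeCookie, true);
    // Make sure there is no other control registered with the same OID
    searchRequest.removeControlByOid(pagedSearchControl.getOID());
    // Add the SimplePagedResultsControl to the current search request
    searchRequest.addControl(pagedSearchControl);

    searchResult = ldapClient.searchBySearchRequest(searchRequest);
    ldapEntries = searchResult.getSearchEntries();

    if ( ldapEntries ){
        //  Plain loop: the entries are only appended, nothing is transformed.
        for (var entryIndex = 0; entryIndex < ldapEntries.length; entryIndex++) {
            allResults.push(ldapEntries[entryIndex]);
        }
    }

    responseControl = LdapSimplePagedResultsControl.get(searchResult);

    //  NOTE(review): presumably get() yields nothing when the response carries
    //  no paging control - confirm. That case is treated as the last page
    //  instead of failing on a null dereference.
    if ( responseControl && responseControl.moreResultsToReturn() ){
        resumeCookie = responseControl.getCookieBytes();
    } else {
        truncated = false;
        break;
    }
}

if ( truncated ){
    //  Make an incomplete listing visible instead of silently using it.
    System.warn('OU search under ' + rootBaseDn + ' stopped after ' + iterations + ' pages; the result list is incomplete.');
}

//  An empty array is truthy, so the emptiness test has to look at the length;
//  testing the array itself never reaches the error path.
if ( allResults.length === 0 ){
    throw "No LDAP entries found for AD Organizational Units in " + rootBaseDn + "!";
}

//  Filter by distinguishedName, if provided:
if ( distinguishedName ){
    //  No "g" flag: only match / no match is needed, and a global regex keeps
    //  state between test() calls.
    regx = new RegExp(distinguishedName, "i");
    allResults = allResults.filter(function (elem) {
        var dnValue = elem.getAttributeValue("distinguishedName");
        //  Skip entries that did not return the attribute instead of throwing.
        return dnValue != null && regx.test(String(dnValue));
    });
}

for (keyAR = 0; keyAR < allResults.length; keyAR++) {
    organizationUnit = allResults[keyAR];
    organizationUnitDn = organizationUnit.getDN();
    System.debug('organizationUnitDn : ' + organizationUnitDn);
}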
