LDAP根查询语法来搜索多个特定OU [英] LDAP root query syntax to search more than one specific OU

问题描述

我需要运行一个LDAP查询，将通过两个具体的组织单位（OU）在根查询搜索但是我有一个艰难的旅途吧。我试过下面的下面的查询既不是成功的：

I need to run a single LDAP query that will search through two specific organization units (OU) in the root query however I'm having a tough go of it. I've tried the following queries below and neither were successful:

(|(OU=Staff,DC=my,DC=super,DC=org)(OU=Vendors,DC=my,DC=super,DC=org))

((OU=Staff,DC=my,DC=super,DC=org) | (OU=Vendors,DC=my,DC=super,DC=org))

我的问题是;是它可以查询多个单独的OU 在一个单一的查询？假设它是正确的语法，这种类型的前pression根LDAP查询。

My question is; is it possible to query more than one single OU in a single query? Assuming that it is what the proper syntax for this type of expression in the root LDAP query.

推荐答案

答案是否定的，你不能。为什么呢？

The answer is NO you can't. Why?

由于LDAP标准描述了4个参数一个LDAP-SEARCH作为一种功能：

Because the LDAP standard describes a LDAP-SEARCH as kind of function with 4 parameters:

1. 在其中进行搜索应该开始的节点，这是一个区分名（DN）
2. 您想要的属性被带回
3. 搜索（基地之一级，子树）的深度
4. 过滤器

您感兴趣的过滤器。你已经有了一个总结这里 （它是由微软提供的活动目录，它是从一个标准）。该过滤器组成，在布尔方式，通过类型的前pression 属性运算符值。

You are interested in the filter. You've got a summary here (it's provided by Microsoft for Active Directory, it's from a standard). The filter is composed, in a boolean way, by expression of the type Attribute Operator Value.

所以，你给过滤器并不能代表什么。

So the filter you give does not mean anything.

在的理论观点有 ExtensibleMatch ，让buildind过滤器的DN路径上，但它不是由Active Directory支持。

On the theoretical point of view there is ExtensibleMatch that allows buildind filters on the DN path, but it's not supported by Active Directory.

据我所知，你必须使用一个属性的广告，就区别为用户在两个OU。

As far as I know, you have to use an attribute in AD to make the distinction for users in the two OUs.

它可以是任何现有的鉴别属性，或者，例如是从 organizationalPerson 类继承叫OU属性。你可以将它（它不是自动的，也不会保持如果移动用户）与工作人员的人对某些用户和供应商，并将其使用的过滤器：

It can be any existing discriminator attribute, or, for example the attribute called OU which is inherited from organizationalPerson class. you can set it (it's not automatic, and will not be maintained if you move the users) with "staff" for some users and "vendors" for others and them use the filter:

(&(objectCategory=person)(|(ou=staff)(ou=vendors)))

这篇关于LDAP根查询语法来搜索多个特定OU的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！