Home > Archive > LDAP > December 2006 > filter syntax with userAccountControl
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
filter syntax with userAccountControl
|
|
| Lyndley Nygel 2006-12-11, 7:30 pm |
|
Hi,
I'm having an issue list disabled computer accounts on an LDAP query though
Net::LDAP to active directory, a cut down query as example :
(& (sAMAccountType=805306369)(userAccountCo
ntrol:1.2.840.113556.1.4.803:=2))
Should locate server accounts which have the disabled flag set.
The sepcific problem seems to be Net::LDAP's parsing of the
userAccountControl part. This query works fine in AD users and computers
but Net::LDAP seems unable to parse it. "Bad file descriptor".
I've tried escaping/multiple escaping/swapping for escaped hex the : and .
every which way but just can't get this query to run. Could anyone offer
some advice on how to execute this?
Thanks
Nygel
| |
| Eric Nichols 2006-12-11, 7:30 pm |
| Something changed in Net::LDAP a couple of years ago.. try the following syntax:
(useraccountcontrol:dn:1.2.840.113556.1.4.803:=2)
Note the :dn:
On Wed, December 6, 2006 11:28 am, Lyndley Nygel wrote:
>
>
> Hi,
>
>
>
> I'm having an issue list disabled computer accounts on an LDAP query though
> Net::LDAP to active directory, a cut down query as example :
>
>
>
> (& (sAMAccountType=805306369)(userAccountCo
ntrol:1.2.840.113556.1.4.803:=2))
>
>
>
> Should locate server accounts which have the disabled flag set.
>
>
>
> The sepcific problem seems to be Net::LDAP's parsing of the
> userAccountControl part. This query works fine in AD users and computers
> but Net::LDAP seems unable to parse it. "Bad file descriptor".
>
>
>
> I've tried escaping/multiple escaping/swapping for escaped hex the : and .
> every which way but just can't get this query to run. Could anyone offer
> some advice on how to execute this?
>
>
>
> Thanks
>
>
>
> Nygel
>
>
|
|
|
|
|