LDAP filter for searching students

Question

I am fairly new to LDAP and AD. I want to create an LDAP filter to show all the students in the AD. But the problem is that the students are in different BASE DN:

OU=STUDENTS,OU=USERS,OU=SOE,OU=FOAE,OU=UNIVERSITY,DC=sepang
OU=STUDENTS,OU=USERS,OU=SOMLC,OU=FOAE,OU=UNIVERSITY,DC=sepang
OU=STUDENTS,OU=USERS,OU=SOCS,OU=FOS,OU=UNIVERSITY,DC=sepang

i.e for each student it is like

CN =khx72b,OU=STUDENTS,OU=USERS,OU=SOCS,OU=FOS,OU=UNIVERSITY,DC=sepang

As you can see students from different faculties are in different places. Given an username how can I search and find if the given user is in the directory?

The objectClass for all the students is 'user'.

Answer 1

As it seems you are searching for objects of type 'user' which are in OUs called 'STUDENTS' but otherwise have no common parent.

This cannot be done in one step (i.e. with a single LDAP query).

You must either retrieve all OUs named 'STUDENTS' and use them as Base DNs one by one, like you've already indicated.

Or you find a property that all students share (a direct group membership, for example, or a special value somewhere) and use that as the filter. This is a more dangerous approach since nothing guarantees that every student actually has the feature you rely on - some might have been not entered into AD correctly.