
LDAP search not finding entries in child OUs

Say you have an LDAP with the following structure:

dc=corp,dc=com
|--dc=security
   |--ou=users
      |--ou=corporate
      |  |--ou=it
      |     |--it-user1
      |     |--it-user2
      |--user1
      |--user2
      |--user3

I need a search query that will look at all entries under the users ou, including those under corporate and it.

Currently I am trying the following:

uid=it-user2,ou=users,dc=security,dc=corp,dc=com

The scope of the search is set as subtree. I was under the impression that the subtree scope would cause the LDAP to search recursively through the entire tree, but that does not seem to be the case. However, if I add the full path into the search as I have below, the entry is found.

uid=it-user2,ou=it,ou=corporate,ou=users,dc=security,dc=corp,dc=com

Could someone give me an idea of where I am going wrong? Thanks.

asked Nov 30 '25 15:11

Catie


1 Answer

You need to set your search context (i.e., the search base) to where your object/entry is stored. Based on your example, the search context is ou=users,dc=security,dc=corp,dc=com. When you set the search scope to subtree, it should find the entry or entries that match your criteria (i.e., search filter). For example,

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(uid=it-user2)"

Of course, with the 'subtree' search scope, you could even set the search context to a higher level container (e.g., dc=security,dc=corp,dc=com). Your entry would still be found as long as it matches the criteria specified by your filter. Since you're searching for all entries under the ou=users container, your query would probably look like this:

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(uid=*)"

or

ldapsearch -h SERVER -b ou=users,dc=security,dc=corp,dc=com -s sub "(objectclass=*)"
answered Dec 02 '25 05:12

Bora
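
An added example (not part of the original question or answer): it models the tree from the question in memory and applies the base/one/sub scope rules, showing why the search base must name an existing entry while the entry being looked for belongs in the filter. The uid= naming of the user entries, the helper names, and the simplified DN and filter parsing are assumptions made for illustration.

```python
# Constructed in-memory copy of the directory tree from the question.
# Assumption: user entries are named by uid=, as the filters on the page imply.
USERS = "ou=users,dc=security,dc=corp,dc=com"
IT = "ou=it,ou=corporate," + USERS
DIRECTORY = [
    "dc=corp,dc=com",
    "dc=security,dc=corp,dc=com",
    USERS,
    "ou=corporate," + USERS,
    IT,
    "uid=it-user1," + IT,
    "uid=it-user2," + IT,
    "uid=user1," + USERS,
    "uid=user2," + USERS,
    "uid=user3," + USERS,
]

class NoSuchObject(Exception):
    """LDAP result code 32: the search base DN is not an entry in the tree."""

def rdns(dn):
    # Simplified DN parsing: assumes no escaped commas inside values.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry, base, scope):
    e, b = rdns(entry), rdns(base)
    depth = len(e) - len(b)            # levels below the base
    if depth < 0 or e[depth:] != b:    # entry is not at or under the base
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def matches(entry, flt):
    # Supports only (attr=value) and (attr=*) filters, tested against the RDN.
    attr, _, value = flt.strip("()").lower().partition("=")
    if attr == "objectclass" and value == "*":
        return True                    # every entry has an objectClass
    rdn_attr, _, rdn_value = rdns(entry)[0].partition("=")
    return attr == rdn_attr and value in ("*", rdn_value)

def search(base, scope, flt):
    # The base is looked up as an exact entry; it is never searched for.
    if not any(rdns(base) == rdns(dn) for dn in DIRECTORY):
        raise NoSuchObject(base)
    return [dn for dn in DIRECTORY
            if in_scope(dn, base, scope) and matches(dn, flt)]
```

Calling `search("uid=it-user2," + USERS, "sub", "(objectclass=*)")` raises `NoSuchObject` because no entry has that DN, while `search(USERS, "sub", "(uid=it-user2)")` returns the entry three levels down.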


