Filter for User Domain Name in LDAPv3 (not AD)

Joern

6/9/23, 4:12 PM

I try to get my UID out of the LDAP by a filter that can recognize the whole user with the (internal) domain. For example: (Internal) LDAP Domain is "office.intern" and the user (uid) is "peter.pan" and email is "[email protected]". But i want to search/filter for "[email protected]" as the whole qualified domain user name (User Principal Name) to find "peter.pan". And i have no clue how the filter has to look like.

Can someone enlighten me. Please!!!! Thanks in advance.

0 + 0

ldap

opendirectory

Bob

6/9/23, 4:36 PM

When there is no attribute with a value of `[email protected]` to search for, you shouldn't use that as the filter. - Your options are then: before executing the ldap query either simply split the username at the `@` first and then search only for `peter.pan` or substitute the office.intern for office.com and search for an email attribute with the value of `[email protected]`, and maybe limit your search results with the appropriate search base to find results only for office.intern

Joern

6/9/23, 4:44 PM

Hi Bob, thank you very much. I was afraid of this answer as i need the official email [email protected] for notifications and the [email protected] as login for a crushftp server. And yes you are right i can query for "uid" and "mail" and this works because it is a value. I'm too new to this ldap filter match querry thing and thought there has to be a "workaround" in our digital world to "extract" the UPN. Thanks for your time.

Bob

6/9/23, 4:51 PM

Rather than a convoluted technical solution, how about simply instructing your (FTP) users to use the login name that you actually know them by in your LDAP? i.e. *Dear mr. Pan please log in with `ftp://peter.pan:<password>@ftp.example.com`*

Joern

6/9/23, 5:02 PM

Hi Bob, thanks again for this idea. I'm sorry that i did not explain the whole thing. Yes your are right with your idea. But i was trying to figure out how i can login the internal domain user to the backend of the crush ftp for administration the server. And you couldn't know that. I'm sorry. BUT you gave me a very good hint! I hardcoded **[email protected]** in the attribute type "departmentNumber" as it is not used. And now i can filter for the attribute. I have to say thank you for bringing me to an "ugly" workaround. :) But it works! THANK YOU.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Filter for User Domain Name in LDAPv3 (not AD)

TH: กรองชื่อโดเมนผู้ใช้ใน LDAPv3 (ไม่ใช่ AD)

RO: Filtrați pentru numele de domeniu al utilizatorului în LDAPv3 (nu AD)

RU: Фильтр имени домена пользователя в LDAPv3 (не AD)

VI: Lọc tên miền người dùng trong LDAPv3 (không phải AD)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.