DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

Can I import by department or by Users OU? #452

Closed kirkfranklin-alameda closed 2 years ago

kirkfranklin-alameda commented 2 years ago

Discussed in https://github.com/DirectoryTree/LdapRecord-Laravel/discussions/430

Originally posted by **kirkfranklin-alameda** May 4, 2022

When I run php artisan ldap:import users I get all 1200 LDAP accounts in our Active Directory. Each department is its own OU, and each department also contains a Users OU. How can I import people by department, or (preferably) import only records in the Users OU?

kirkfranklin-alameda commented 2 years ago

Tried without success:

php artisan ldap:import users --filter "(objectclass=person)"
php artisan ldap:import users --filter "(objectClass=organizationalPerson)"
php artisan ldap:import users --filter "(ou=City Clerk)"

This works:

php artisan ldap:import users --filter "(cn=Ashley Zieba)"

stevebauman commented 2 years ago

Hi @kirkfranklin-alameda,

OUs are not attributes on objects. They are a part of the user's distinguished name, as they are used to indicate hierarchy in the directory. This filter should work for you (though I'd recommend using a model scope instead).

Note: We're using a contains operation here via the asterisk (*) operator below. We must also escape equals (=) and commas (,) with a backslash inside of LDAP filters so that they may be parsed correctly.

--filter "(distinguishedName=*ou\=City Clerk*)"

kirkfranklin-alameda commented 2 years ago

I get an LdapRecordException error


λ php artisan ldap:import users --filter "(distinguishedName=*ou\=City Clerk*)"

   LdapRecord\LdapRecordException

  ldap_search(): Search: Bad search filter

  at C:\inetpub\intranet\vendor\directorytree\ldaprecord\src\LdapRecordException.php:26
     22▕      * @return $this
     23▕      */
     24▕     public static function withDetailedError(Exception $e, DetailedError $error = null)
     25▕     {
  ➜  26▕         return (new static($e->getMessage(), $e->getCode(), $e))->setDetailedError($error);
     27▕     }
     28▕
     29▕     /**
     30▕      * Set the detailed error.

  1   C:\inetpub\intranet\vendor\directorytree\ldaprecord\src\HandlesConnection.php:184
      LdapRecord\LdapRecordException::withDetailedError()

  2   C:\inetpub\intranet\vendor\directorytree\ldaprecord\src\Ldap.php:235
      ErrorException::("ldap_search(): Search: Bad search filter")

C:\inetpub\the-anchor (main -> origin)

stevebauman commented 2 years ago

Try a double backslash to escape the equals in the filter. 👍

kirkfranklin-alameda commented 2 years ago

With double backslash = "There were no users found to import."


php artisan ldap:import users --filter "(distinguishedName=*ou\\=City Clerk*)"
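
Added example (not from the thread and not LdapRecord's own code): because the OU is part of each entry's distinguished name, one way to pick out "Users OU" entries is to split the DN into RDNs and compare components, while filter values are escaped with PHP's `ldap_escape()`, which emits the RFC 4515 form of a backslash followed by two hex digits. The function names and the `DC=example,DC=com` sample DNs are constructed for illustration.

```php
<?php
// Added example, not LdapRecord code. ldap_escape() needs ext-ldap; no server is contacted.

/** Build "(attr=value)" with the value escaped per RFC 4515 (backslash + two hex digits). */
function equalityFilter(string $attribute, string $value): string
{
    return '(' . $attribute . '=' . ldap_escape($value, '', LDAP_ESCAPE_FILTER) . ')';
}

/** Split a DN into lower-cased RDNs, leaf first, keeping backslash-escaped pairs intact. */
function splitDn(string $dn): array
{
    $rdns = [];
    $current = '';
    for ($i = 0, $n = strlen($dn); $i < $n; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $n) {
            $current .= substr($dn, $i, 2);   // escaped pair, e.g. "\," inside a CN
            $i++;
        } elseif ($dn[$i] === ',') {
            $rdns[] = strtolower(trim($current));
            $current = '';
        } else {
            $current .= $dn[$i];
        }
    }
    $rdns[] = strtolower(trim($current));
    return $rdns;
}

/** True when the entry sits directly in a "Users" OU; with $department, only that department's. */
function inUsersOu(string $dn, ?string $department = null): bool
{
    $rdns = splitDn($dn);
    if (($rdns[1] ?? '') !== 'ou=users') {
        return false;
    }
    return $department === null || ($rdns[2] ?? '') === 'ou=' . strtolower($department);
}

// Constructed sample DNs (DC=example,DC=com is a placeholder base, not from the thread).
$dns = [
    'CN=Ashley Zieba,OU=Users,OU=City Clerk,DC=example,DC=com',
    'CN=Doe\, Jane,OU=Users,OU=Finance,DC=example,DC=com',
    'CN=CLERK-PC01,OU=Computers,OU=City Clerk,DC=example,DC=com',
];

print_r(array_values(array_filter($dns, fn ($dn) => inUsersOu($dn, 'City Clerk'))));
print_r(array_values(array_filter($dns, 'inUsersOu')));
echo equalityFilter('cn', 'Parks (North)*'), PHP_EOL;
```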