[Question] How to use Different LDAP Connection on Imports

[kellerisddev]

Hi Steve,

The Active Directory schema that I am stuck with places deactivated users in a separate OU than active users and so when I need to run a query to Soft Delete DB users I have to change the Base_DN in the .env file and then run an import with the --delete flag set.

IS there a way to use a second dedicated LDAP Connection to perform this task or a way to perform it from one connection using a filter?

[stevebauman]

Hi there @kellerisddev!

Unfortunately what you're looking for isn't possible, since performing a search across multiple OU's in one request is not possible in LDAP. Your base DN should be set to provide access to the users that you need to interact with in your import in the user state that you need to alter (active and deactive in your case).

IS there a way to use a second dedicated LDAP Connection to perform this task or a way to perform it from one connection using a filter?

You could use a filter on group memberships on your users if that would help you only import the users you need. This is a common practice if you have users from several OU's that you'd like to import, but excluding those that are not members of a particular group.

You cannot however use a filter on users' distinguished name or organizational unit to be able to restrict the import to a specific set of OU's.

[stevebauman]

Actually, you may be able to filter on the distinguishedName attribute since you're using Active Directory.

You can give it a shot and see if this works:

php artisan ldap:import --filter "(|(distinguishedName=%OU=Accounting,DC=local,DC=com)(distinguishedName=%OU=Office,DC=local,DC=com)"

[stevebauman]

Closing due to inactivity.