snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

LDAP Filter #13175

Open Crosyc opened 1 year ago

Crosyc commented 1 year ago

Debug mode

Describe the bug

I want to use an LDAP filter with negation. In AD it works absolutely great, but not in Snipe-IT, and I don't know why.

Here is the Filter:

(&(objectCategory=person)(objectSid=)(!samAccountType:1.2.840.113556.1.4.804:=3)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)(physicalDeliveryOfficeName=))

Reproduction steps

  1. Always the same
  2. ...

Expected behavior

Maybe help

Snipe-IT Version

6.1.0

Operating System

Windows

Web Server

IIS

PHP Version

8.2.7

welcome[bot] commented 1 year ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

CrypNZ commented 1 year ago

Can you explain in words what you are trying to filter?

Crosyc commented 1 year ago

I am trying to filter user objects that don't have an e-mail address, and only active users. So the filter should do: import everything except no mail address and inactive users.

I tried with no negation and then it works, but our company wants it with the negation because it's dynamic.

CrypNZ commented 1 year ago

Can you try this:

(&(objectCategory=person)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Can you explain what this is doing: (!samAccountType:1.2.840.113556.1.4.804:=3) and whether you need it?

Let me know if the filter I provided works or if it doesn't behave as expected.

Crosyc commented 1 year ago

Hi, your filter isn't working. Same error.

(!samAccountType:1.2.840.113556.1.4.804:=3) means that Administrator Accounts should not be imported.
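
Added example, not part of the thread and not Snipe-IT code: RFC 4515 defines negation as `(!(filter))`, so the operand of `!` needs its own parentheses, which the suggested filter has and the originally reported one does not. The checker below (the name `check_filter` is illustrative) walks the filter structure and reports such spots; it is a standards check only and does not establish the cause of the error reported here.

```python
def check_filter(text):
    """Return [(offset, message), ...] for RFC 4515 structural problems."""
    problems = []

    def item(i):
        # attr=value and extensible-match items are opaque here. Raw parentheses
        # in values must be escaped (\28, \29), so an item ends at the next one.
        j = i
        while j < len(text) and text[j] not in "()":
            j += 1
        if j == i:
            problems.append((i, "empty filter component"))
        return j

    def filt(i):
        # filter = "(" ( "&" filterlist / "|" filterlist / "!" filter / item ) ")"
        if text[i:i + 1] != "(":
            raise ValueError(i, "expected '('")
        i += 1
        op = text[i:i + 1]
        if op in ("&", "|"):
            i += 1
            while text[i:i + 1] == "(":
                i = filt(i)
        elif op == "!":
            i += 1
            if text[i:i + 1] == "(":
                i = filt(i)
            else:
                problems.append((i, "operand of '!' is not parenthesized"))
                i = item(i)
        else:
            i = item(i)
        if text[i:i + 1] != ")":
            raise ValueError(i, "expected ')'")
        return i + 1

    try:
        end = filt(0)
        if end != len(text):
            problems.append((end, "trailing characters after filter"))
    except ValueError as exc:
        problems.append(exc.args)  # (offset, message) of the fatal error
    return problems

# Both filters are copied verbatim from the thread above.
REPORTED = "(&(objectCategory=person)(objectSid=)(!samAccountType:1.2.840.113556.1.4.804:=3)(!useraccountcontrol:1.2.840.113556.1.4.803:=2)(physicalDeliveryOfficeName=))"
SUGGESTED = "(&(objectCategory=person)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
for _f in (REPORTED, SUGGESTED):
    print(check_filter(_f) or "structure OK")
```

The checker validates structure only; attribute names, matching-rule OIDs and values are not inspected.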

MichaelProuse commented 9 months ago

I'm facing challenges in crafting the correct LDAP filter. While everything else is functioning perfectly, I'm seeking a filter that would omit my service accounts. Our accounts are organized by departments rather than utilizing the default "Users" OU. The goal is to exclude the service accounts.