HPE Community
HPE Morpheus Enterprise
1834454 Members
2836 Online
110067 Solutions
New Discussion

LDAP Query Cheat Sheet

 
cbunge
HPE Pro

‎02-10-2023 06:42 AM

‎02-10-2023 06:42 AM

LDAP Query Cheat Sheet

This is a wiki page to contribute helpful LDAP Queries in a centralized post.

Note: This is a wiki post and others can contribute directly to it.

  • Add the code to code blocks
  • Add code to most appropriate section (add as needed)
  • Any information is helpful!

Request Options

LDAP URL

LDAP URL includes the target scoped OU path for the additional query params. Best practice is to make this as specific as possible to speed the query up and limit the scope of returned objects. This string needs to be HTML Encoded if you have special characters or spaces.

Example of the highest level LDAP URL is:

ldap://<ADServer>.com:389/dc=domain,dc=com

Example of a more specific LDAP URL with HTML Encoding:

ldap://<ADServer>.com:389/ou=Test%20-%20Hyphen,ou=Users,ou=Environment,dc=domain,dc=com

Credentials

Credential can be entered locally on the Option List directly, or, you can consume a credential object within Morpheus so there is a centralized location for User/Password updates.

The user needs to have permissions to whatever OU you are searching and is typically referred to as a Bind User. Essentially Read Only access is the requirement.

LDAP Query

LDAP Query allows for globally available additional queries that are required to further filter the list returned. Morpheus allows for the optional <%=phrase%> variable to allow modifying the query as the user types to create an even more dynamic filter.

Translation Script

Like the Translation Script on other Option Lists, this allows a user to take the data returned and convert it into a useable list of Name:Value pairs. I’ve found that with LDAP it’s often best to have an If Statement for the name (and possibly the value) as there can be inconsistencies on available additional attributes within AD.

The lower portion of the code is simply a sort on the results to ensure an alphabetical array.

for(var x=0;x < data.length ; x++) {
    var row = data[x];
    var a = {};
      if(row.displayName != null) {
      a['name'] = row.displayName;
    } else {
      a['name'] = row.sAMAccountName;
    }

    a['value'] = row.sAMAccountName;
    results.push(a);
}
results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});

Queries

Departments

  • List current user Department
    (&(objectClass=user)(cn=<%=user.username%>*))

  • Translation

if(input.user != null) {
for(var x=0;x < data.length ; x++) {
    var attrib = "departmentNumber"
    var row = data[x];
    var a = {};
	if(row.sAMAccountName === input.user.username) {
      if(row[attrib] != null) {
      a['name'] = row[attrib];
    } else {
      a['name'] = "No Department";
    }

      if(row[attrib] != null) {
      a['value'] = row[attrib];
    } else {
      a['value'] = null;
    }
    results.push(a);
}}}

Groups

  • List all Groups
    (&(objectClass=group)(cn=*))
    or
    (&(objectClass=group)(cn=<%=phrase%>*))

  • Translation

for(var x=0;x < data.length ; x++) {
    var row = data[x];
    var a = {};
      if(row.displayName != null) {
      a['name'] = row.displayName;
    } else {
      a['name'] = row.name;
    }

    a['value'] = row.sAMAccountName;
  
    results.push(a);
}

results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});

Manager

  • List Manager for current user
    (&(objectClass=user)(cn=*))
    or
    (&(objectClass=user)(cn=<%=phrase%>*))

  • Translation

if(input.user != null) {
for(var x=0;x < data.length ; x++) {
    var row = data[x];
    var a = {};
	if(row.sAMAccountName === input.user.username) {
      if(row.manager != null) {
      a['name'] = row.manager;
    } else {
      a['name'] = "No Manager";
    }

      if(row.manager != null) {
      a['value'] = row.manager;
    } else {
      a['value'] = null;
    }
    results.push(a);
}}}

Users

  • List all Users
    (&(objectClass=user)(cn=*))
    or
    (&(objectClass=user)(cn=<%=phrase%>*))

  • Translation

for(var x=0;x < data.length ; x++) {
    var row = data[x];
    var a = {};
      if(row.displayName != null) {
      a['name'] = row.displayName;
    } else {
      a['name'] = row.sAMAccountName;
    }

    a['value'] = row.sAMAccountName;
    results.push(a);
}
results.sort(function(a, b) {
    if (a.name < b.name) {
        return -1;
    }
    if (a.name > b.name) {
        return 1;
    }
    return 0;
});
0 Kudos
Reply
2 REPLIES 2
cbunge
HPE Pro

‎02-10-2023 06:43 AM

‎02-10-2023 06:43 AM

Re: LDAP Query Cheat Sheet

 
0 Kudos
Reply
cbunge
HPE Pro

‎02-10-2023 06:43 AM

‎02-10-2023 06:43 AM

Re: LDAP Query Cheat Sheet

 
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.