LDAP everything except 1 OU

Unanswered Question
Jun 15th, 2009

Hi There,

I need a little assistance again after encountering a spam mail actually emailed one of our distribution group. Is there way to setup an LDAP query to work on every email address except for 1 OU (such as "Distribution Group" OU.)

Even a filter would be a nice workaround if anyone can offer some advice.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steven_geerts Tue, 06/16/2009 - 10:58

Hello,

I have no Ironport example but I think you manage to add the Ironport specific stuff to it yourself.

A few examples:
This one does what you ask for. It includes all objects with “objectclass=person" and any value in the "mail=" attribute. except if the object is in a container that is named exludedUsers1 (anywhere in your directory)


(&
(objectclass=person)
(mail=*)
(!(ou:dn:=excludedUsers1))
)



The same but that with three excluded OU's

(&
(objectclass=person)
(mail=*)
(!(ou:dn:=excludedUsers1))
(!(ou:dn:=excludedUsers2))
(!(ou:dn:=excludedUsers3))
)


And the other way around, only is a user is in a container named " includerUsers1

(&
(objectclass=person)
(mail=*)
(ou:dn:=includedUsers1)
)


And to make it complete the same as the previous with multiple included ou’s.

(&
(objectclass=person)
(mail=*)
(|
(ou:dn:=includedUsers1)
(ou:dn:=includedUsers2)
(ou:dn:=includedUsers3)
)
)



These filters all take the complete DN and analyze it to see if there is a matching container in this DN.
This means (with the first example) that the objects in the container "/o=org,dc=dc1,ou=excludedUsers1" are excluded but also the objects in the container "/o=org,dc=dc2,ou=excludedUsers1"
If you want you can be more explicit in defining the path to exclude or include but I have no examples present for the moment.
If you really want I can find it out for you.



Note: for readability I formatted the filters over a few lines, you can simply remove all spaces and line brakes to place it in your single line searchfilter field in the GUI.



Good luck!

Steven

Actions

This Discussion