LDAP ipPhone filter : ccm 7.1

Unanswered Question
Aug 27th, 2010


I was trying to filter LDAP import based upon LDPA ipPhone value. Filtering empty ipPhone is working with:

  <?xml version="1.0" encoding="UTF-8" ?>
- <!-- DTD generated by XMLSPY v5 rel. 4 U (
  <!DOCTYPE data (View Source for full doctype...)>
- <data>
  <sql query="select * from ldapfilter where tkldapserver=1" />
  <sql update="update ldapfilter set filter ='(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))' where tkldapserver=1" />
  <sql query="select * from ldapfilter where tkldapserver=1" />
What I was to trying to do it was filtering ( for example ipPhone>1000 ) with no success: i filter still not empty field, also restarting Tomcat and Dirsync
tryed with:
any experience ?
Many thanks
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Aaron Harrison Sat, 09/04/2010 - 01:40


Yeah... I've tried doing it as well and it doesn't work.

best thing to do is get access to the 'AD Users and Computers' MMC, and then run custom searches with your intended filter. Test it to death before trying to put it in CCM.

What I found was:

>= works OK for text comparisons (e.g. >=Bob) but not brilliantly... and doesn't work well at all for numeric comparisons.

ipPhone=1*  works, so you can do multiple of those e.g. put something like this in your filter string for anythign starting 1 or 2:


I guess since the contents of ipPhone and other fields such a telephoneNumber are actually strings, not integers, it doesn't work the way you would expect; it's comparing dictionary order rather than numeric.



Please rate helpful posts...

LUIGI PIETRONAVE Sat, 09/04/2010 - 03:43

Hi Aaron,

Yes, i found out what You wrote. Comparing text will works ( =23* or =1* and so on ). Maight be converting ascii string in Hex i can use > or >, but I'm not a programmer so.... it's ok like this, with some "or" operator is ok.

many thanks


Aaron Harrison Sat, 09/04/2010 - 10:50

I think that's as good as you'll get; if you convert to hex it'll probably just see it as literal text as that's what it expects to be sent.



Hello there,

I am trying to make a filter for LDAP using the ipPhone field as well.  Which part of your filter above would i use to do that?

I just want users that have the ipPhone field filled out to show up in the directory

right now all users show up

I tried the following filter someone showed me but not luck


thanks for any help!

Chris Deren Fri, 02/03/2012 - 12:46

Use this:




Chris Deren Fri, 02/03/2012 - 13:48

You have to re-sync, did you perform a manual sync?  If so it should take several minutes depending on how many users are in your LDAP, and then all users that are no longer matched will be changed to INACTIVE state, they will be completly gone at 3 AM or so next day.




This Discussion