cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1913
Views
5
Helpful
7
Replies

LDAP ipPhone filter : ccm 7.1

Hi,

I was trying to filter LDAP import based upon LDPA ipPhone value. Filtering empty ipPhone is working with:

  <?xml version="1.0" encoding="UTF-8" ?>
- <!-- DTD generated by XMLSPY v5 rel. 4 U (
http://www.xmlspy.com)
  -->
  <!DOCTYPE data (View Source for full doctype...)>
- <data>
  <sql query="select * from ldapfilter where tkldapserver=1" />
  <sql update="update ldapfilter set filter ='(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))' where tkldapserver=1" />
  <sql query="select * from ldapfilter where tkldapserver=1" />
  </data>
What I was to trying to do it was filtering ( for example ipPhone>1000 ) with no success: i filter still not empty field, also restarting Tomcat and Dirsync
tryed with:
(ipPhone>=1000)
(ipPhone>1000)
(ipPhone>=%1000)
any experience ?
Many thanks
Luigi
7 Replies 7

Aaron Harrison
VIP Alumni
VIP Alumni

Hi

Yeah... I've tried doing it as well and it doesn't work.

best thing to do is get access to the 'AD Users and Computers' MMC, and then run custom searches with your intended filter. Test it to death before trying to put it in CCM.

What I found was:

>= works OK for text comparisons (e.g. >=Bob) but not brilliantly... and doesn't work well at all for numeric comparisons.

ipPhone=1*  works, so you can do multiple of those e.g. put something like this in your filter string for anythign starting 1 or 2:

(|(ipPhone=1*)(ipPhone=2*))

I guess since the contents of ipPhone and other fields such a telephoneNumber are actually strings, not integers, it doesn't work the way you would expect; it's comparing dictionary order rather than numeric.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Hi Aaron,

Yes, i found out what You wrote. Comparing text will works ( =23* or =1* and so on ). Maight be converting ascii string in Hex i can use > or >, but I'm not a programmer so.... it's ok like this, with some "or" operator is ok.

many thanks

Luigi

I think that's as good as you'll get; if you convert to hex it'll probably just see it as literal text as that's what it expects to be sent.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

kwaldecker
Level 1
Level 1

Hello there,

I am trying to make a filter for LDAP using the ipPhone field as well.  Which part of your filter above would i use to do that?

I just want users that have the ipPhone field filled out to show up in the directory

right now all users show up

I tried the following filter someone showed me but not luck

(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(ipPhone=*))

thanks for any help!

Use this:

(&(objectclass=user)(!(objectclass=Computer))(|(ipPhone=+*)(ipPhone=1*)(ipPhone=2*)(ipPhone=3*)(ipPhone=4*)(ipPhone=5*)(ipPhone=6*)(ipPhone=7*)(ipPhone=8*)(ipPhone=9*)(ipPhone=0*)))

HTH,

Chris

Hi Chris,

I just tried your filter and it stills shows all the users.

would it show immediately on the system or do i need to wait for some cleanup?

thanks

You have to re-sync, did you perform a manual sync?  If so it should take several minutes depending on how many users are in your LDAP, and then all users that are no longer matched will be changed to INACTIVE state, they will be completly gone at 3 AM or so next day.

HTH,

Chris

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: