Using ldapsearch with filter "memberof" and space character in OU


I already searched a lot of pages on the web but did not find an answer yet. I need to query a MS Windows AD server with ldapsearch to get the users/accounts of a specific group. Therefore I try using a filter string similar to this:

(memberOf=CN=App-User,ou=Org Staff,dc=organization,dc=local)

In the base-DN the space between Org and Staff is no problem, but in the filter string it is. I tried many combinations of escaping the space but without success. Does anybody know how to get it working with a space in the OU, or do we have to change the OU on the AD server? Many thanks in advance, Nico

There is 1 answer

Andrey Komarov

Probably you want to check if the OU is really in memberOf with any AD browser such as NetTools. Generally you could achieve the required result in at least three ways:

By putting a filter in single or double quotes and leaving parts with spaces as is

Angle <...> brackets are templates for your values

'Администраторы домена' is in cyrillic and means 'Domain Admins'

Ex.

ldapsearch -H ldap://<server>:<port> -D '<distinguishedName>' -w <password> -b "DC=avt,DC=local" "(memberOf=CN=Администраторы домена,CN=Users,DC=avt,DC=local)"

...

# search result
# numEntries: 11

By putting a filter in quotes and values with spaces in double-quotes

Ex. (reduced for brevity)

ldapsearch ... -b "..." '(memberOf=CN="Администраторы домена",CN=Users,DC=avt,DC=local)'

...

# search result
# numEntries: 11

By putting a filter in double-quotes and by masking any nested double-quotes

ldapsearch ... -b "..." "(memberOf=CN=\"Администраторы домена\",CN=Users,DC=avt,DC=local)"

...

# search result
# numEntries: 11

THESE WILL NOT WORK. Examples below are intentionally wrong

  • Single quotes inside of double-quotes
ldapsearch ... -b "..." "(memberOf=CN='Администраторы домена',CN=Users,DC=avt,DC=local)"

...

# search result

ldapsearch responds with no accounts and the answer lacks numEntries

  • Double quotes inside of double-quotes
ldapsearch ... -b "..." "(memberOf=CN="Администраторы домена",CN=Users,DC=avt,DC=local)"

...

ldap_search_ext: Bad search filter (-7)

  • No quotes
ldapsearch ... -b "..." (memberOf=CN="Администраторы домена",CN=Users,DC=avt,DC=local)

bash: syntax error near unexpected token `('
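
An added example, not part of the answer above: a POSIX shell script that builds the memberOf filter from a group DN, escapes the characters RFC 4515 treats as special in a filter value, and shows why the filter has to be passed as one quoted argument. The function names are hypothetical and the DNs other than the one from the question are constructed sample values.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the DNs are sample values.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash, '*', '(' and ')' become \5c, \2a, \28, \29.
# A space has no special meaning in a filter and is left untouched.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build "(memberOf=<group DN>)" from a group DN.
member_of_filter() {
    printf '(memberOf=%s)' "$(ldap_filter_escape "$1")"
}

# Report how many arguments the shell actually passed.
count_args() {
    printf '%s' "$#"
}

# DN from the question: the only unusual character is the space in the OU.
group_dn='CN=App-User,ou=Org Staff,dc=organization,dc=local'
filter=$(member_of_filter "$group_dn")
printf 'filter:   %s\n' "$filter"

# Quoted, the filter reaches the program as one argument; unquoted, the
# shell splits it at the space and the program sees two fragments.
printf 'quoted:   %s argument(s)\n' "$(count_args "$filter")"
# shellcheck disable=SC2086  # deliberately unquoted to show the split
printf 'unquoted: %s argument(s)\n' "$(count_args $filter)"

# Constructed DNs with characters that do need escaping in a filter.
member_of_filter 'CN=Ops (EU),OU=Org Staff,DC=organization,DC=local'; echo
member_of_filter 'CN=Smith\, John,OU=Org Staff,DC=organization,DC=local'; echo

# Usage with the page's command form (placeholders as on the page):
# ldapsearch -H ldap://<server>:<port> -D '<distinguishedName>' -w <password> \
#     -b "dc=organization,dc=local" "$filter"
```

Escaping the DN before it goes into the filter also keeps a group name supplied by a user or a script from changing the structure of the filter.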