Hello folks,
I have a business case, when I need to find all managers with "lost"
directReports (objects from Inactive OU).

I know, that "internal" query token <token-query> don't support wild
card for matching.
From beginning I didn't worry too much: I though, that I can do it via
LDAP query.
After number of tests I found, that this type of query is not available
thru LDAP.

> Regarding match algorithms of LDAP filters, LDAP directory systems
> comply with the specifications of the original X.500 standards.
> According to these matching rules you can't use wildcards in LDAP
> filters for attributes containing LDAP distinguished names (attributes
> with DN-string syntax).
> Even more important could be the search for objects in a specific OU.
> Especially, when only the declaration of a pure filter string is allowed
> and when there is no possibility to specify the search base of an LDAP
> search.Thus, the following filter won't work!
> (distinguishedName=*,ou=Sydney,dc=cerrotorre,dc=or g)

Catch-22: This type of query is not available from LDAP and don't
available (?) from standard token!

Folks, maybe somebody have any idea how to deal with this?
I will repeat my scenario: find all objects, that have directReports or
managers form specific OU.


If you find this post helpful, please show your appreciation by clicking
on the star below
al_b's Profile: https://forums.netiq.com/member.php?userid=209
View this thread: https://forums.netiq.com/showthread.php?t=55244