Wednesday, September 3, 2008

LDAP Filters - Mail Enabled Objects

Recently I had to come up with an LDAP filter to grab all mail enabled objects for a customer preparing to utilize the Schemus tool provided by our partner Messagelabs (Azaleos's ProtectXchange offering).

A lot of people, even sharp technicians, I've noticed tend to avoid LDAP queries like the plague.  I think the reason is the lack of basic understanding.

Simple things like understanding the operators (such as & being AND, | being OR, ! being NOT, etc) can help immensely.  

My final product for the filter is:

(|(&(mailnickname=*)(objectCategory=person)(objectClass=user))(&(mailni ckname=*)(objectCategory=group)))

A great quick site to glance at for a general overview is here.


2 comments:

Barry Patterson said...

Good stuff. I had issues with this also.
But your query does not account for Contacts and Public Folders. This should work if those need to be included:
(&(&(proxyaddresses=*)(|(objectclass=user)(objectclass=publicFolder)(objectclass=group)(objectclass=Contact))))

Joshua Raymond said...

Very good point Barlo. The task I was building this off of was for smarthost/spam purposes and those fields were not required. I definitely should have mentioned that up front though!