What are some valid examples of LDAP filters in ldapsearch to pull information about an ACF2 user?

Release : 15.1

Component : LDAP Server for z/OS

Here are some examples of valid filters using an ldapsearch call in order to pull LID information from ACF2. The filter portions are highlighted.

• A normal ldapsearch call just using the baseDN without specifying a filter results in (objectclass=*) being used. Specifying this in a filter looks like this:

ldapsearch -x -D cn=USER01 -w xxxxxx -h HOST -p 389 -s base -b \
"acf2lid=USER01,acf2admingrp=lids,host=HOST, \
o=ORG,c=us" "(objectclass=*)"  

• If needing to specify a particular objectclass while using the baseDN for a specific user search, (objectclass=acf2lid) is specified for LID records:

ldapsearch -x -D cn=USER01 -w xxxxxx -h HOST -p 389 -s base -b \
"acf2lid=USER01,acf2admingrp=lids,host=HOST, \
o=ORG,c=us" "(objectclass=acf2lid)"

• If wanting to pull information about a user, the above combinations of baseDN and filter will work. The following can also be used to pull the same information, although it is a redundant way to do it as the baseDN and the filter contain the same information for acf2lid. LDAP ignores the duplicate field information:

ldapsearch -x -D cn=USER01 -w xxxxxx -h HOST -p 389 -s base -b \
"acf2lid=USER01,acf2admingrp=lids,host=HOST, \
o=ORG,c=us" "(&(acf2lid=USER01)(objectclass=acf2lid))"

• If wanting to pull information about another user, either modify the baseDN to specify acf2lid=theiruserid or completely remove the acf2lid field from the baseDN and specify it in the filter instead. Note that the scope for this has changed from base to one:

ldapsearch -x -D cn=USER01 -w xxxxxx -h HOST -p 389 -s one -b \
"acf2admingrp=lids,host=HOST,o=ORG,c=us" \
"(&(acf2lid=USER02)(objectclass=acf2lid))"