All Apps and Add-ons

inputlookup in an ldapsearch

Path Finder

Hi, i want to list members of a group and then list their groups in active directory,

for that i have a lookup with all users, i request and format my list so it is nice for the ldap search :

|inputlookup Domaine_LOL | search memberOf=*team_1* | table sAMAccountName | format "|" "(" "(" ")" " " ")"

then i make my ldapsearch, the "static" version is as follow :

| ldapsearch search="(&(objectClass=user)(|(cn=*user1*)(cn=*user2*)(cn=*user3*))(!(objectClass=computer)))" 

    |ldapfetch dn=memberOf attrs="cn,description"
    |table sAMAccountName,cn,description
    |rename sAMAccountName as nom
      | sort + nom

so the automated version should be

| ldapsearch search="(&(objectClass=user)([ |inputlookup Domaine_LOL | search memberOf=*team_1* | table sAMAccountName | format "|" "(" "(" ")" " " ")"])(!(objectClass=computer)))" 

    |ldapfetch dn=memberOf attrs="cn,description"
    |table sAMAccountName,cn,description
    |rename sAMAccountName as nom
      | sort + nom

the problem is i get this error :

Error in 'SearchParser': Missing a search command before '"'. Error at position '131' of search query '|ldapsearch search="(&(objectClass=user)(|[ |inpu...{snipped} {errorcontext = format "|" "(" "(" "}'.

like splunk is waiting a search cmd in order to do an inputlook inside and ldapsearch ..

any way around ?

Thanks.

0 Karma
1 Solution

Esteemed Legend

You need to escape the double-quotes with backslash ( \) like this:

| ldapsearch search="(&(objectClass=user)([ |inputlookup Domaine_LOL | search memberOf=*team_1* | table sAMAccountName | format \"|\" \"(\" \"(\" \")\" \" \" \")\"])(!(objectClass=computer)))"

View solution in original post

0 Karma

Esteemed Legend

You need to escape the double-quotes with backslash ( \) like this:

| ldapsearch search="(&(objectClass=user)([ |inputlookup Domaine_LOL | search memberOf=*team_1* | table sAMAccountName | format \"|\" \"(\" \"(\" \")\" \" \" \")\"])(!(objectClass=computer)))"

View solution in original post

0 Karma

Path Finder

Hi, you were right the escape did things better, so request is now interprated but i still get a "bad filter" Error.

i finally found i was wrong on the way i do my request, i found a much easyer way to achieve what i need with ldapfetch !

i ldapsearch the users members of the group i need and then lists their group memberships, ldapfetch then go get cn and description of groups, muuuch better 🙂

| ldapsearch domain="default" search="(&(objectClass=user)(cn=*))" attrs="sAMAccountName,mail,memberOf"
| search memberOf="CN=Team_1,OU=Groupes,OU=...,OU=....,OU=Users,DC=domain,DC=com" 
|mvexpand memberOf |ldapfetch dn=memberOf attrs="cn,description"
| table sAMAccountName mail cn description
| rename sAMAccountName  AS user
| rename cn AS group_name

thanks for your help 🙂

0 Karma

Esteemed Legend

Be sure to click Accept on the answer to close the question.

0 Karma

Legend

there is a pipe before the square parentheses .
Bye.
Giuseppe

0 Karma

Path Finder

hi,

thanks i did a bad copy in my post, but it doesnt solve the problem.

(i do reinject this needed pipe with the format cmd inside the subsearch)

0 Karma