RE: [ActiveDir] LDAP queries

Thu, 11 May 2006 12:02:59 -0700 

I'm using LDAP Browser/Editor (http://www-unix.mcs.anl.gov/~gawor/ldap/) 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Thursday, May 11, 2006 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LDAP queries

Which browser are you using? Most allow you to extend that well beyond
the 1000 limit.

the appliance should be configurable to handle more than 10,000.
Conceivably, any search can return well more than 10,000 from a GC.
Depends on how the search is executed of course.

Apparently, it uses ldapsearch as it's testing mechanism. Have you
tried the queries with that?

Al



On 5/10/06, Harding, Devon <[EMAIL PROTECTED]> wrote:
>
>
>
> Is there a search limit on Global Catalogs?  The problem I could be having
> is that this Symantec appliance is limited to a 10,000 object search.
>
>
>
> When I use LDAP Browser/editor, it returns only 1000 entries.
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> joe
> Sent: Monday, May 08, 2006 5:22 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] LDAP queries
>
>
>
> I am not familiar with the device, does it pull the objects locally and keep
> in some sort of cache or ???
>
>
>
> Note that you will need to be searching the GC port to find anything since
> you have stuff across multiple domains. So find the way to specify port and
> say 3268 (or 3269 if you want SSL but lets get it working first. :o)
>
>
>
> Now as for the queries....
>
>
>
> A query to find all users (i.e. not contacts) who are exchange enabled (both
> mail and mailbox enabled) you would do something like
>
>
>
> (&(sAMAccountType=805306368)(proxyaddresses=*))
>
>
>
> or
>
>
>
> (&(sAMAccountType=805306368)(mailnickname=*))
>
>
>
>
> either should perform about the same.
>
>
>
>
>
>
>
>
>
>
>
> For non-Exchange enabled groups which is what *I think* you are looking for
> in the second query
>
>
>
>
>
> (&(grouptype=*)(!(proxyaddresses=*)))
>
>
>
>
>
> or
>
>
>
>
>
> (&(grouptype=*)(!(mailnickname=*)))
>
>
>
>
>
>
>
>
> ...should be similar perf.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> For exchange enabled groups
>
>
>
>
>
> (&(grouptype=*)(proxyaddresses=*))
>
>
>
>
>
> or
>
>
>
>
>
> (&(grouptype=*)(mailnickname=*))
>
>
>
>
>
>
>
>
> Again, should be comparable...
>
>
>
>
>
>
>
>
>
>
>
>    joe
>
>
>
>
>
>
>
> --
>
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
>
>
> ________________________________
>
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Harding, Devon
> Sent: Monday, May 08, 2006 4:24 PM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] LDAP queries
>
> I'm using a Symantec Mail Security 8260 appliance that used LDAP to prevent
> Directory Harvest attacks.  The problem is, the built in queries is causing
> an issue with adding the LDAP server.  We have an empty root with several
> child domains.  Here are the queries:
>
>
>
> Query start (Sync base DN):       DC=domain,DC=com
>
> User query:                               (|(mail=*)(proxyAddresses=*))
>
> Group query:
> (&(!(mail=*))(!(proxyAddresses=*)))
>
> Distribution list query:                 (|(mail=*)(proxyAddresses=*))
>
>
>
> My question is, what other LDAP filters can I use instead of these to
> accomplish the result of querying for user SMTP addresses & distribution
> groups?
>
>
>
> Devon Harding
>
> Windows Systems Engineer
>
> Southern Wine & Spirits - BSG
>
> 954-602-2469
>
>
>
> ---------------------------------------------------------------------------
> This message (including any attachments) is intended only for the use of the
> individual or entity to which it is addressed and may contain information
> that is non-public, proprietary, privileged, confidential, and exempt from
> disclosure under applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. If you have received this communication in error, notify us
> immediately by telephone and (i) destroy this message if a facsimile or (ii)
> delete this message immediately if this is an electronic communication.
> Thank you.
> ---------------------------------------------------------------------------
> This message (including any attachments) is intended only for the use of the
> individual or entity to which it is addressed and may contain information
> that is non-public, proprietary, privileged, confidential, and exempt from
> disclosure under applicable law or may constitute as attorney work product.
> If you are not the intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. If you have received this communication in error, notify us
> immediately by telephone and (i) destroy this message if a facsimile or (ii)
> delete this message immediately if this is an electronic communication.
> Thank you.
.+w֧B+v*rz     Vryi˽箊

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.
[EMAIL PROTECTED]       ��V�r�y�&��-�4���i�b��b��

Reply via email to